One of the most destructive malware botnets can now spread to nearby Wi-Fi networks
Emotet malware has proven itself to be a top threat. This
malware has a sophisticated code base and regularly evolving methods aimed at
tricking targets into clicking on malicious links.
From emptying consumers’ bank accounts to installing other
types of malware, the cyber criminals that created this malware have gone out
of their way to beef up the damage Emotet leaves in its wake.
Emotet is also a master of spreading its infection. Last
September, Emotet sent spam emails to victims that addressed them by name and
included quotes from past emails that they sent or received. Once the email
recipients clicked on the email, the malware infected their system.
That was all just child’s play, as Emotet has now evolved
and can use already compromised devices to infect devices that are connected to
nearby Wi-Fi networks.
Emotet does so by using a programming interface called
wlanapi to profile each nearby network: its SSID, its signal strength, and whether
it uses WPA or another encryption method to password-protect access.
The malware then uses one of two password lists in order to
guess commonly used default username and password combinations.
Once the malware has successfully gained access to a new
Wi-Fi network, the infected device builds a list of all non-hidden devices
that are connected to it. Then, using a second password list, the malware tries
to guess credentials for each user connected to the shared drive.
If no connected users are infected, the malware tries to
guess the password for the administrator of the shared resource.
When Emotet finds a suitable host, it loads the Emotet
malware and any other malware at its disposal, such as Ryuk or TrickBot.
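The guessing stage described above (many user accounts tried from one device, then the administrator account) leaves a recognizable pattern in logon records. The following is an added example, not part of the original article: a small detector that flags any source whose failed logons in a short window span several accounts. It assumes failed and successful network logons (for example Windows Security events 4625 and 4624) have been exported as "time source account result" lines; the record format, thresholds, addresses and account names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real log data): time, source, account, result.
SAMPLE = """\
2020-02-10T08:55:00 192.168.1.20 dave FAIL
2020-02-10T08:55:20 192.168.1.20 dave OK
2020-02-10T09:00:01 192.168.1.57 alice FAIL
2020-02-10T09:00:02 192.168.1.57 alice FAIL
2020-02-10T09:00:03 192.168.1.57 bob FAIL
2020-02-10T09:00:04 192.168.1.57 bob FAIL
2020-02-10T09:00:05 192.168.1.57 carol FAIL
2020-02-10T09:00:06 192.168.1.57 carol FAIL
2020-02-10T09:00:07 192.168.1.57 administrator FAIL
2020-02-10T09:00:08 192.168.1.57 administrator OK
"""
WINDOW = timedelta(minutes=5)       # assumed tuning values, adjust per network
MIN_FAILURES, MIN_ACCOUNTS = 6, 3
ADMIN_NAMES = {"administrator", "admin"}

def parse(text):
    """Turn 'time source account result' lines into time-sorted tuples."""
    rows = [line.split() for line in text.splitlines() if len(line.split()) == 4]
    return sorted((datetime.fromisoformat(t), s, a.lower(), r) for t, s, a, r in rows)

def find_guessing_sources(events):
    """Flag sources whose failed logons within WINDOW span many accounts.

    A success from the same source after the burst suggests a guess worked."""
    by_source = defaultdict(list)
    for event in events:
        by_source[event[1]].append(event)
    findings = {}
    for source, evs in by_source.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        start = 0
        for end, fail in enumerate(fails):
            while fail[0] - fails[start][0] > WINDOW:
                start += 1          # slide the window forward
            burst = fails[start:end + 1]
            accounts = {e[2] for e in burst}
            if len(burst) >= MIN_FAILURES and len(accounts) >= MIN_ACCOUNTS:
                first = burst[0][0]
                findings[source] = {
                    "accounts": sorted({e[2] for e in fails if e[0] >= first}),
                    "admin_targeted": any(e[2] in ADMIN_NAMES for e in fails),
                    "succeeded": sorted({e[2] for e in evs
                                         if e[3] == "OK" and e[0] >= first}),
                }
                break
    return findings
```

On the constructed sample, the single mistyped password from 192.168.1.20 is ignored, while 192.168.1.57 is flagged with the administrator account both targeted and successfully logged on to.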
This alarming method of malware spreading underscores the
importance of using strong passwords in order to protect devices and networks.
In fact, a strong password may be the last line of defense
to stop this malware’s ability to spread from device to device.
Passwords should be randomly generated, or be phrases in which
numbers and symbols replace some of the letters. The length of the
password matters and should be no fewer than 11 characters.
As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648