Emotet can now hack Wi-Fi networks


Security researchers at Binary Defense recently discovered an Emotet Trojan sample that carries a Wi-Fi worm module, allowing the malware to spread to new victims over nearby wireless networks protected by weak passwords.

This new strain uses wlanAPI.dll calls to enumerate the wireless networks within range of a computer that is already infected with Emotet. Using the compromised machine's own Wi-Fi adapter, the malware then tries to brute-force its way into other password-protected networks nearby.

Once the compromised device has successfully joined another wireless network, the Emotet Trojan looks for other Windows devices on that network with non-hidden shares. It enumerates the user accounts on those devices and brute-forces their passwords too, starting with the Administrator account and working through every other user on the system.

Finally, the worm establishes persistence on each newly compromised system by dropping a second binary, service.exe, which installs itself as a service named "Windows Defender System Service", a name chosen to blend in with legitimate Microsoft Defender components.
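Each of the three stages above leaves a trace in a Windows log that most environments already collect: a burst of failed wireless connections on the infected host (Microsoft-Windows-WLAN-AutoConfig/Operational event 8002), a spray of failed network logons across many accounts on the targeted machines (Security event 4625, logon type 3) and the installation of the new service (System event 7045). The Python below is an example added here to illustrate that mapping; it is not code from the article or from Binary Defense. The event IDs are real Windows events, but the record field names, the thresholds, the trusted-directory allow-list and the idea that wlanAPI-driven connection attempts surface as 8002 failures are assumptions, and the sample events are constructed, not captured telemetry.

```python
"""Hunt rules for the Emotet Wi-Fi spreader's three stages, run over
constructed Windows event records (not real telemetry). Field names follow
the common EventID / EventData layout of exported logs; treat the exact
keys, thresholds and allow-list below as assumptions to tune locally."""
from collections import defaultdict
from datetime import datetime, timedelta

# Persistence artifacts named by Binary Defense: the service and its binary.
SUSPECT_SERVICE_NAME = "Windows Defender System Service"
SUSPECT_BINARY = "service.exe"
# Assumed allow-list: where genuine Defender binaries live on this estate.
TRUSTED_DIRS = (r"c:\program files\windows defender",
                r"c:\programdata\microsoft\windows defender")


def _bursts(items, window, threshold):
    """items: (group_key, timestamp, distinct_value) tuples. Return the group
    keys that show >= threshold distinct values inside any span of `window`
    (simple per-group sliding window; fine for a few thousand events)."""
    by_key = defaultdict(list)
    for key, ts, val in items:
        by_key[key].append((ts, val))
    flagged = set()
    for key, rows in by_key.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            seen = {v for ts, v in rows[i:] if ts - start <= window}
            if len(seen) >= threshold:
                flagged.add(key)
                break
    return flagged


def wifi_bruteforce_hosts(events, min_ssids=3, window=timedelta(minutes=10)):
    """Stage 1: event 8002 = WLAN AutoConfig failed to connect. A real user
    fails against the one or two SSIDs they know; a host cycling through many
    neighbouring SSIDs in minutes looks like the spreader's brute force."""
    items = [(e["Computer"], e["Time"], e["SSID"])
             for e in events if e["EventID"] == 8002]
    return _bursts(items, window, min_ssids)


def smb_password_spray(events, min_accounts=5, window=timedelta(minutes=5)):
    """Stage 2: event 4625 with logon type 3 (network) from one source IP
    against many distinct accounts on one target, as seen by the victim."""
    items = [((e["Computer"], e["IpAddress"]), e["Time"], e["TargetUserName"])
             for e in events
             if e["EventID"] == 4625 and e.get("LogonType") == 3]
    return _bursts(items, window, min_accounts)


def suspicious_service_installs(events):
    """Stage 3: event 7045 = a service was installed. Flag the reported
    display name, or any service.exe installed outside the trusted dirs."""
    hits = []
    for e in events:
        if e["EventID"] != 7045:
            continue
        name, path = e["ServiceName"], e["ImagePath"].strip('"').lower()
        if name == SUSPECT_SERVICE_NAME or (
                path.endswith("\\" + SUSPECT_BINARY)
                and not path.startswith(TRUSTED_DIRS)):
            hits.append((e["Computer"], name, e["ImagePath"]))
    return hits


# Constructed sample events (date picked to match the article's first sighting).
T0 = datetime(2020, 1, 23, 9, 0, 0)
SAMPLE_EVENTS = [
    # Infected laptop walking through nearby SSIDs with wrong passphrases.
    *[{"EventID": 8002, "Computer": "LAPTOP-01",
       "Time": T0 + timedelta(seconds=20 * i), "SSID": s}
      for i, s in enumerate(["Cafe-Guest", "Office2F", "NETGEAR-5G", "HomeNet"])],
    # A normal user mistyping one passphrase twice: must not be flagged.
    {"EventID": 8002, "Computer": "LAPTOP-02", "Time": T0, "SSID": "HomeNet"},
    {"EventID": 8002, "Computer": "LAPTOP-02",
     "Time": T0 + timedelta(seconds=30), "SSID": "HomeNet"},
    # After joining the network: one source spraying accounts at FILESRV.
    *[{"EventID": 4625, "Computer": "FILESRV",
       "Time": T0 + timedelta(minutes=15, seconds=i),
       "IpAddress": "192.168.1.77", "LogonType": 3, "TargetUserName": u}
      for i, u in enumerate(["Administrator", "alice", "bob", "carol", "dave", "erin"])],
    # Persistence on the newly compromised host, plus a benign install for contrast.
    {"EventID": 7045, "Computer": "FILESRV", "Time": T0 + timedelta(minutes=20),
     "ServiceName": "Windows Defender System Service",
     "ImagePath": r"C:\Windows\service.exe"},
    {"EventID": 7045, "Computer": "FILESRV", "Time": T0 + timedelta(minutes=21),
     "ServiceName": "WinDefend",
     "ImagePath": r"C:\Program Files\Windows Defender\MsMpEng.exe"},
]


def hunt(events=SAMPLE_EVENTS):
    """Run all three rules and return the findings keyed by stage."""
    return {
        "wifi_bruteforce": sorted(wifi_bruteforce_hosts(events)),
        "smb_spray": sorted(smb_password_spray(events)),
        "service_persistence": suspicious_service_installs(events),
    }


if __name__ == "__main__":
    for stage, hits in hunt().items():
        print(stage, hits)
```

The burst rules deliberately count distinct SSIDs or accounts rather than raw failures, because a single stubborn user retrying one password generates volume without breadth; breadth is what the spreader's enumerate-then-brute-force loop produces. The service rule matches on both the display name and the binary name, since the name is trivial for the operators to change while a service.exe dropped outside a vendor directory is an odd sight on its own.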

Undiscovered Wi-Fi spreader

In a blog post detailing their findings, the researchers at Binary Defense explained that Emotet's ability to spread over Wi-Fi appears to have gone undetected for almost two years:

“Worm.exe is the main executable used for spreading. This executable has a timestamp of 04/16/2018 and was first submitted to VirusTotal on 05/04/2018. The executable with this timestamp contained a hard-coded IP address of a Command and Control (C2) server that was used by Emotet. This hints that this Wi-Fi spreading behavior has been running unnoticed for close to two years.”

One reason the Wi-Fi spreading behavior went unnoticed for so long is how rarely the binary is dropped. According to Binary Defense, January 23rd 2020 was the first time the company observed the file being delivered by Emotet, even though it had been part of the malware since 2018.

Another reason may be that the module shows no spreading behavior on the virtual machines and automated sandboxes researchers use to dissect new strains of malware, since those environments typically have no Wi-Fi adapter: with no wireless interface to enumerate, the wlanAPI calls find nothing to connect to and the module stays dormant.

Emotet already posed a serious risk, but now that the malware can hop between Wi-Fi networks protected by weak passphrases, expect organizations to take additional precautions: strong, unique WPA2 passphrases on every wireless network, strong passwords on local accounts (above all the Administrator account), as few exposed file shares as possible, and a watch for any new service calling itself "Windows Defender System Service".

Via BleepingComputer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
