Warning: This destructive botnet can spread to nearby WiFi networks | HT Tech

Warning: This destructive botnet can spread to nearby WiFi networks

The botnet, called Emotet, keeps getting more sophisticated and its reach continues to evolve

By: HT CORRESPONDENT
| Updated on: Feb 12 2020, 14:03 IST
Emotet has evolved to use already compromised devices to infect other devices that are connected to nearby WiFi networks.
Emotet has evolved to use already compromised devices to infect other devices that are connected to nearby WiFi networks. (Pixabay)

Over the past few years, a malware called Emotet has emerged as the top internet treat. Emotet pillages people's bank accounts and installs other types of malware. Emotet's code base is very sophisticated and it keeps evolving regularly to trick targets into clicking on malicious links.

For example, in September last year, Emotet began a spam run that addressed recipients by name and quoted past emails they had sent or received. This allowed the spam threat to spread widely. Now, Emotet has evolved a step further and is using already compromised devices to infect other devices that are connected to nearby WiFi networks.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

Here's how it works

Also read
Looking for a smartphone? To check mobile finder click here.

Emotet operators were caught using an updated version of the malware that uses infected devices to "enumerate all nearby WiFi networks", ArsTechnica reported. The malware was using a programming interface called wlanAPI to "profile the SSID, signal strength and use of WPA or other encryption methods for password-protecting access". Then, the malware goes on to use one of the two password lists to "guess commonly used default username and password combinations".

Also Read: Almost 4.5 lakh Indian debit,credit card records are being sold on dark net for $9 a piece

Once the infected device gains access to a new WiFi network it enumerates all non-hidden devices connected to that WiFi network. Then it uses the second password list to try and guess credentials for each of the users connected to the drive.

If none of the connected users are infected, the malware tries to "guess the password for the administrator of the shared resource".

(ArsTechnia)
image caption
(ArsTechnia)

Emotet is primarily known for circulating through malicious emails, but with this new version it is spreading like a 'virus' from device to device over infected networks. If it manages to successfully guess the password of a connected device, it loads the Emotet malware along with other pieces of malware, like Ryuk ransomware or the TrickBot, in "exchange for fees paid by operators of those campaigns".

Emotet has moved beyond infecting devices inside a compromised network to moving from network to network.

Change those weak passwords

"With this newly discovered loader-type used by Emotet, a new threat vector is introduced to Emotet's capabilities. Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords,"researchers from security firm Binary Defense wrote in a recently published post.

The Binary Defense post said "the new Wi-Fi spreader has a timestamp of April 2018 and was first submitted to the VirusTotal malware search engine a month later". While the module was created almost two years ago, Binary Defense had not observed it being used in the wild until last month.

Also Read: Researcher discovers WhatsApp bug that allowed hackers to access files on your PC

To make sure it is hard to crack, passwords should always be randomly generated and should never be fewer than 11 characters.

One of the aspects of the new WiFi spreader is different from Emotet's usual penchant for stealth of sophistication. "The module uses unencrypted connections to communicate with attacker-controlled servers. That makes it easy to detect patterns in traffic that people can use to detect infections," ArsTechnica reports.

The malware can also be detected through "active monitoring of connected devices for new services being installed and watching for any processes or services running from temporary files and user profile application data folders".

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 12 Feb, 14:03 IST
NEXT ARTICLE BEGINS