Emotet advances and uses WiFi networks to spread itself

Emotet is now exploiting WiFi networks and affecting nearby devices.

Emotet has been affecting the cyber world for a long time now. It is a trojan that operates by generating various spams and ransomware attacks. In recent research it was found that Emotet is now using WiFi networks to spread itself. The research says that Emotet uses a “WiFi spreader” module to scan WiFi networks, and then it infects devices that are connected to it.

Emotet uses an already-infected device to list all the surrounding WiFi networks. Upon retrieving the list of networks it attempts to connect to them using a brute force mechanism. If the trojan succeeds in gaining access to the network, it starts enumerating all non-hidden shares. Emotet then uses a brute force attack to guess the usernames and passwords of all users connected to the network resource.

After gaining the usernames and passwords, the worm moves to the next phase of installing payloads called “service.exe” in the newly infected system. In order to hide the malicious activities, the payload is installed as a Windows Defender System Service. NPAV recommends all the users to keep their devices properly protected by using a strong password. A strong password prevents all such brute force attacks and keeps your device safe.

Use NPAV and join us on a mission to secure the cyber world.