BACK

Emotet

Emotet spotted spreading via brute-forced Wi-Fi Networks effecting LAN’s.   Emotet is a known highly sophisticated banking trojan that’s primary capabilities are stealing user credentials stored within a browser and eavesdropping on network traffic. The initial delivery method was via malspam (malicious emails) using infected attachments and embedded malicious URLs. The trojan has evolved and …

  • 21 Feb 2020
  • DigitalXRAID
2 min read
Emotet

Emotet spotted spreading via brute-forced Wi-Fi Networks effecting LAN’s.

 

Emotet is a known highly sophisticated banking trojan that’s primary capabilities are stealing user credentials stored within a browser and eavesdropping on network traffic. The initial delivery method was via malspam (malicious emails) using infected attachments and embedded malicious URLs.

The trojan has evolved and now has worm-like capabilities enabling the spread of the trojan via networks. Researchers at Binary Defense who reported on the technique state this may have been ongoing for two years prior to discovery judging by timestamps within the code. A new threat vector has been introduced, enabling Emotet to spread via wireless networks with weak password configurations.

After the malware is installed and running on an endpoint, it will download two executables. These payloads extract themselves and initiate a call to wlanAPI.dll, which is a legitimate Windows library code to enable a connection to Wi-Fi networks. Adopting this library, the malware enumerates nearby Wi-Fi networks and attempts to join them using brute-forcing techniques to guess passwords.

If successful, the malware will connect to a command-and-control server where it gets initiated to begin the second round of brute-force attacks on Windows endpoints of compromised wireless networks. Specifically, it targets network shares found on the Wi-Fi so it can login and infect them. This scenario enables one user to get infected and without any user interaction the malware can be distributed to other users on their network and surrounding networks. Finally, once attached to a computer it can be instructed by the Command-and-control (C2) to download other malicious files leaving the victim open to a variety of attacks. Figure 1 displays an overview of how Emotet spreads across networks.

Figure 1: Emotet Spread via Wi-Fi concept

The best way to protect against this strain of malware is to keep systems and antivirus up to date alongside enforcing an authentication scheme for Wi-Fi networks or simply ensuring the default admin credentials have been changed to a secure password.

Blog Details
  • 21 Feb 2020
  • DigitalXRAID

Newest Articles.

View all

Get a Quote

Click below and we’ll send you a quote as soon as possible.

quote-form-pattern
  • This field is for validation purposes and should be left unchanged.

Contact Us

Click below and we’ll send you a quote as soon as possible.

quote-form-pattern
  • This field is for validation purposes and should be left unchanged.

Step 1 of 4 - Let’s get started

25%
  • Thanks for your interest in working with us. Please complete the details below and we’ll get back to you as soon as possible.
Close ×
price-popup-pattern
Close ×
price-popup-pattern
Close ×

Step 1 of 3

33%
  • Cyber Essentials Basic Pass Guarantee - £950

    Your Details

price-popup-pattern
Close ×

Step 1 of 3

33%
  • Cyber Essentials Basic Pay Monthly - £79 pcm

    Your Details

price-popup-pattern
Close ×

Step 1 of 2

50%
  • Cyber Essentials Plus - Get a Quote

    Your Details

price-popup-pattern
Close ×

Get In Touch

  • This field is for validation purposes and should be left unchanged.
price-popup-pattern
Close ×

Get A Quote

  • This field is for validation purposes and should be left unchanged.
price-popup-pattern
Close ×
price-popup-pattern

Buy Cyber Essentials

price-popup-pattern