Public WiFi- A New Way to Spread Malware
Attackers are using unsecured Wi-Fi networks as a way to deliver the malware to more devices. A new malware, called Emotet has the capability to help spread their malware to more victims. This malware can also spread from one device to another by creating a botnet that helps deliver additional spam and emails. It spreads across an unsecured public Wi-Fi network by taking advantage of weak passwords and other security flaws.
The researchers have found that some versions of Emotet can be spread across an unsecured WiFi network by taking advantage of weak passwords and other security flaws. While these types of infections are rare, it's important to keep an eye on how the Trojan's creators are attempting new methods.
Some Emotet samples in campaigns leveraging WiFi that researchers examined in January contained a timestamp dated April 16, 2018, which suggests that the capability to spread the malware through poorly secured WiFi networks may have gone unnoticed until now. In these campaigns, once attackers infect a device with the Trojan, it starts to download what the researchers call a WiFi spreader module, which contains two binaries. One of these binaries, called worm.exe, begins to list all the WiFi-enabled devices that are connected with the infected device.
The binary also extracts a list of reachable wireless networks using the wlanAPI interface found in later versions of Microsoft Windows, according to the report. This interface helps manage WiFi connections and network profiles in some versions of Windows.
Once the list of all WiFi networks and devices is gathered, the binary then begins to use a brute force attack to guess the usernames and passwords of the wireless networks, looking for one it can crack. The Emotet malware has an internal list of passwords that it uses as part of this brute force attack.
It has been recommended by researchers that the IT and security teams should take the time to create stronger passwords for WiFi networks to ensure that these brute force attacks are less likely to be successful.
Alteryx brings Unified Platform Experience to boost Analytics Automation
Alteryx has announced expanded cloud-connected platform experiences for its flagship...
Roposo brings in Shipstreak, end-to-end order management tool
Roposo has launched Shipstreak, a comprehensive order management solution design...
Adobe integrates Generative AI-based capabilities into Photoshop
Adobe has unveiled Generative Fill in Photoshop, bringing Adobe Firefly generati...
MediaTek organizes its 12th Chapter of Technology Diaries
MediaTek has hosted its 12th Chapter of Technology Diaries themed ‘The Vision to Go...
Startup Odisha to feature on CII’s Corporate-Startup Connect Platform CII ICONN
In an effort to provide startups in Odisha with a strong corporate connection, Startup Odi...
Pega introduces Pega GenAI to Infuse Generative AI Capabilities in Pega Infinity '23
Pegasystems has announced Pega GenAI – a set of 20 new generative AI-powered booster...
Unisys continues to connect young engineers with business leaders through its flagship event
Unisys announces the winners of the company’s annual technical project competition f...