Public WiFi- A New Way to Spread Malware
2020-11-17Attackers are using unsecured Wi-Fi networks as a way to deliver the malware to more devices. A new malware, called Emotet has the capability to help spread their malware to more victims. This malware can also spread from one device to another by creating a botnet that helps deliver additional spam and emails. It spreads across an unsecured public Wi-Fi network by taking advantage of weak passwords and other security flaws.
The researchers have found that some versions of Emotet can be spread across an unsecured WiFi network by taking advantage of weak passwords and other security flaws. While these types of infections are rare, it's important to keep an eye on how the Trojan's creators are attempting new methods.
Some Emotet samples in campaigns leveraging WiFi that researchers examined in January contained a timestamp dated April 16, 2018, which suggests that the capability to spread the malware through poorly secured WiFi networks may have gone unnoticed until now. In these campaigns, once attackers infect a device with the Trojan, it starts to download what the researchers call a WiFi spreader module, which contains two binaries. One of these binaries, called worm.exe, begins to list all the WiFi-enabled devices that are connected with the infected device.
The binary also extracts a list of reachable wireless networks using the wlanAPI interface found in later versions of Microsoft Windows, according to the report. This interface helps manage WiFi connections and network profiles in some versions of Windows.
Once the list of all WiFi networks and devices is gathered, the binary then begins to use a brute force attack to guess the usernames and passwords of the wireless networks, looking for one it can crack. The Emotet malware has an internal list of passwords that it uses as part of this brute force attack.
It has been recommended by researchers that the IT and security teams should take the time to create stronger passwords for WiFi networks to ensure that these brute force attacks are less likely to be successful.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.