Cybercriminals are constantly on the prowl, seeking to come up with new evading and infecting techniques. They seldom launch a whole new malware. Instead, they prefer to refurbish an existing one and make it more lethal to bait victims. According to latest reports, a new variant of the notorious Emotet malware is now infecting devices through wireless networks. To accomplish their sinister plan, they are using brute-force methods to crack Wi-Fi passwords.
Researchers at Binary Defense who found the new method of compromising users have explained that the technique was up in the air for a couple of years but remained uncharted.
Emotet malware targets Windows running machines and network. It is known for performing specific tasks, steal Outlook contacts and replicate itself over a LAN network. The newly- discovered spreading technique shows that the malware is capable of taking down Wi-FI connected devices too.
Infection process
In their research, the Binary Defense folks found that once the malware manages to infect a machine, it connects to a command-and-control server and download two executable malware.
Out of these two files, wlanAPI.dll is capable of intruding into any Wi-Fi network.
The malware author then intends to get into the target Wi-Fi network using brute-force techniques to retrieve the user name and password of the network.
After executing the attack, the malware connects to the C2 server again to mount a mass-scale brute-force attack on Windows running machines that exist in the network.
Strength
The researches explained that Emotet malware can be manipulated to download ransomware and other Trojans to launch a more massive attack. Later it mostly intends to steal the banking credentials of the victim.
Tips to remain safe
To stay safe from Emotet malware attacks, analysts of Binary Defense have recommended
use of strong passwords to secure wireless networks so that malware like Emotet cannot gain unauthorised access to the system.
Network administrators should also actively monitor all new processes running in the devices connected to the network.
