Emotet, the Trojan that uses Wi-Fi to spread


Bad news. A new Trojan called Emotet (it shares its name with an Egyptian pharaoh) has arrived, making life more complex for people who use computers and the Internet on a daily basis.

This recently discovered Trojan puts the security of our computers at high risk.

What is new about this "infection" is that, until now, all existing threats had one characteristic in common: they needed the collaboration of the user to be able to spread.


Whether it is through an email or the use of a messaging application or a social network, a Trojan, helped by the ignorance of the users, could easily get into our computers.

However, not content with this, the criminal minds behind these threats have made Emotet go one step further: the Trojan can now infect any computer connected to the same Wi-Fi network without needing the involuntary help of any person.

Emotet, the new owner of Wi-Fi

The way Emotet operates

Binary Defense explains how this new threat works. To achieve its objectives, the Trojan uses the wlanAPI interface to identify all the Wi-Fi networks in the same location and then tries to spread through them by infecting all the connected devices.

When the Trojan enters a system, it lists the wireless networks that the computer has access to by calling wlanAPI.dll, the Windows library used to manage wireless network profiles and wireless network connections. Wlanapi.dll arrived with Windows Vista in 2006 and has since become part of Windows 7, Windows 8, Windows 8.1, and Windows 10.

Emotet, the Trojan horse that spreads through the Wi-Fi

Emotet uses brute force to try to discover the authentication and encryption settings needed to access the connection. In doing so, the Trojan takes advantage of the fact that many users still use simple passwords or even factory default ones. Every time Emotet breaks into a new network, it stores the information about that network, so its data grows as it spreads. That's why now more than ever it's important to change router and network access credentials to complex passwords that are not easy to guess.
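To find which of the networks a Windows machine already knows fall into the easy-to-guess category described above, the saved profiles can be exported with `netsh wlan export profile key=clear` and checked offline. The following is an added example, not code from the article or from Binary Defense; the short common-password list, the 12-character threshold and the sample profiles are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
COMMON = {"password", "12345678", "admin123", "qwertyuiop"}  # constructed short list
WEAK_AUTH = {"open", "shared", "WPA", "WPAPSK"}
WEAK_ENC = {"none", "WEP", "TKIP"}
MIN_LEN = 12  # assumed policy threshold, not from the article

def audit_profile(xml_text):
    """Return (ssid, findings) for one exported WLAN profile XML document."""
    root = ET.fromstring(xml_text)
    ssid = root.findtext("w:SSIDConfig/w:SSID/w:name", "?", NS)
    sec = root.find("w:MSM/w:security", NS)
    if sec is None:
        return ssid, ["no security settings in profile"]
    auth = sec.findtext("w:authEncryption/w:authentication", "", NS)
    enc = sec.findtext("w:authEncryption/w:encryption", "", NS)
    findings = []
    if auth in WEAK_AUTH:
        findings.append(f"weak authentication: {auth}")
    if enc in WEAK_ENC:
        findings.append(f"weak encryption: {enc}")
    # keyMaterial is readable only when exported with key=clear (protected=false)
    key = sec.findtext("w:sharedKey/w:keyMaterial", None, NS)
    clear = sec.findtext("w:sharedKey/w:protected", "true", NS) == "false"
    if key and clear and auth.endswith("PSK"):
        if key.lower() in COMMON or key.lower() == ssid.lower():
            findings.append("passphrase is a common or SSID-derived value")
        elif len(key) < MIN_LEN:
            findings.append(f"passphrase shorter than {MIN_LEN} characters")
    return ssid, findings

def sample(ssid, auth, enc, key):
    """Constructed profile in the layout netsh exports; not a real network."""
    return (f'<WLANProfile xmlns="{NS["w"]}"><name>{ssid}</name>'
            f"<SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>"
            f"<MSM><security><authEncryption><authentication>{auth}"
            f"</authentication><encryption>{enc}</encryption></authEncryption>"
            f"<sharedKey><keyType>passPhrase</keyType><protected>false"
            f"</protected><keyMaterial>{key}</keyMaterial></sharedKey>"
            f"</security></MSM></WLANProfile>")

SAMPLES = [sample("HomeNet", "WPA2PSK", "AES", "12345678"),
           sample("OldRouter", "WPAPSK", "TKIP", "correct-horse-battery"),
           sample("Office", "WPA2PSK", "AES", "v9Lq2xTz7pRw4mK8")]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        print(audit_profile(xml_text))
```

Files exported with `key=clear` contain the passphrases in plain text, so delete them once the check is done.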

If you want to know whether your computer has been infected with Emotet, you can download EmoCheck, a tool that checks whether you are at risk from this Trojan. EmoCheck is available from the CERT Japan GitHub repository.

Finally, it is incomprehensible how humans often use their intelligence to cause harm to others. If all that knowledge used by the creators of viruses, Trojans, malware and all the countless threats on the Internet were used to do something positive and productive for humanity, we would surely live in a much better world.

2 COMMENTS

  1. Do you mind if I quote a couple of your articles as long as I provide credit and sources back to your weblog? My blog is in the exact same niche as yours and my users would genuinely benefit from a lot of the information you provide here. Please let me know if this is alright with you. Thanks a lot!
