Emotet Hacks Nearby Wi-Fi Networks to Spread to New Victims
Quote: A recently spotted Emotet Trojan sample features a Wi-Fi worm module that allows the malware to spread to new victims connected to nearby insecure wireless networks, according to researchers at Binary Defense.

This newly discovered Emotet strain starts the spreading process by using wlanAPI.dll calls to discover wireless networks around an already infected Wi-Fi-enabled computer and attempting to brute-force its way in if they are password protected.

Once it successfully connects the compromised device to another wireless network, the worm will start finding other Windows devices with non-hidden shares.

Next, it scans for all accounts on those devices and tries to brute-force the password for the Administrator account and all the other users it can retrieve.

After successfully breaking into an account, the worm drops a malicious payload in the form of the service.exe binary onto the victim's computer and installs a new service named "Windows Defender System Service" to gain persistence on the system.

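The persistence step described in the quoted article can be hunted for in service-install events. The following is an added detection example, not part of the original post or the article; it assumes Event ID 7045 records exported as JSON lines with `ServiceName` and `ImagePath` fields, and the list of genuine Defender directories is an assumption to adjust per environment.

```python
import json
import ntpath

# Values reported in the quoted article (lower-cased for comparison).
REPORTED_SERVICE_NAME = "windows defender system service"
REPORTED_BINARY = "service.exe"
# Assumption: directories that hold the genuine Defender service binaries.
DEFENDER_DIRS = ("c:\\program files\\windows defender\\",
                 "c:\\programdata\\microsoft\\windows defender\\")
# Constructed sample events; hosts, paths and the version number are made up.
SAMPLE_EVENTS = r'''
{"EventID": 7045, "Computer": "WS01", "ServiceName": "Windows Defender System Service", "ImagePath": "C:\\Users\\Public\\service.exe"}
{"EventID": 7045, "Computer": "WS02", "ServiceName": "Microsoft Defender Antivirus Service", "ImagePath": "\"C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.0.0-0\\MsMpEng.exe\""}
{"EventID": 7045, "Computer": "WS03", "ServiceName": "Print Helper", "ImagePath": "C:\\Tools\\service.exe -run"}
{"EventID": 7036, "Computer": "WS01", "param1": "Windows Defender System Service", "param2": "running"}
'''

def exe_path(image_path):
    """Lower-cased executable path from an ImagePath, without quotes or arguments."""
    p = image_path.strip().strip('"').lower()
    end = p.find(".exe")
    return p[:end + 4] if end != -1 else p

def reasons(event):
    """List why a service-install event looks like the behaviour in the article."""
    if event.get("EventID") != 7045:
        return []
    name = event.get("ServiceName", "").lower()
    path = exe_path(event.get("ImagePath", ""))
    found = []
    if name == REPORTED_SERVICE_NAME:
        found.append("service name reported for the worm")
    if ntpath.basename(path) == REPORTED_BINARY:
        found.append("binary named service.exe")
    if "defender" in name and not path.startswith(DEFENDER_DIRS):
        found.append("Defender-like name outside Defender directories")
    return found

def hunt(json_lines):
    """Return (computer, service name, reasons) for every suspicious event."""
    hits = []
    for line in filter(str.strip, json_lines.splitlines()):
        event = json.loads(line)
        if reasons(event):
            hits.append((event["Computer"], event["ServiceName"], reasons(event)))
    return hits

if __name__ == "__main__":
    print(*hunt(SAMPLE_EVENTS), sep="\n")
```

The third check goes beyond the exact strings in the article: it also flags any service that borrows a Defender-like name while running from outside the Defender directories, which still matches if the binary or service is renamed slightly.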

