Emotet Malware Campaign Spread The Infection Across The Network
The Emotet banking Trojan was first identified by security researchers in 2014. Emotet was initially designed as a banking malware that attempted to sneak onto your computer and steal sensitive and private information.
The new Emotet "WiFi spreader" module (as it was called) does not guarantee a 100% infection rate, as it relies on users utilizing weak passwords for their WiFi networks. However, it opens a new attack vector inside infected companies that the Emotet gang can exploit to maximize their reach.
This means that computers infected with Emotet are now a danger both to the infected company's internal network and to the networks of nearby companies in the original victim's physical proximity.
System administrators often use WiFi networks to split their networks into separate segments while still keeping internet connectivity available for all employees.
This new Emotet module means companies can't run WiFi networks with simplistic passwords inside their headquarters anymore. If the Emotet gang decides to deploy its WiFi spreader module, the malware can jump to nearby networks that don't use a complex password.
Having Emotet dropped on your network via WiFi will most likely complicate many incident response investigations. WiFi is not a traditional attack vector for Emotet, nor for many other malware strains.
In many cases, companies use simplistic passwords for internal WiFi networks because they assume only employees will be within range to access them. Companies may not be aware that they need to use more complex WiFi hotspot passwords to prevent future Emotet intrusions.
Although a BinaryDefense researcher was not available for comment, the security vendor was pretty clear in its report last week when it said that Emotet got a significant boost in attack capabilities.
BinaryDefense warns companies to take precautions by securing WiFi networks with strong passwords, as this is the easiest way to defend against Emotet's new WiFi module.