Trojan Emotet learned to spread not only via Internet but also through coming to the infected computer Wi-Fi networks and infect new computers, report the researchers in the field of information security company Binary Defense. Judging from the area code of the malware, the opportunity she had at least a year and a half ago, but noting it was only now.
Emotet is a Trojan that was first discovered in 2014 and is still actively used, and hackers will adapt its code to avoid detection and to use new techniques of infecting devices. Itself Emotet is mainly used for penetration with the system, and then downloads additional malicious software to direct tasks such as data theft or spam distribution.
Usually it is spread through the attachment of the e-mail or through infected computers in the local network. In January, specialists from the Binary Defense found that the new version of the Trojan uses a rare and potentially effective mechanism of dissemination via Wi-Fi network around.
After getting on the computer with a Windows Trojan with the help of the wlanAPI gets the list of Wi-FI devices, and then using the first collects data about all the surrounding networks and tries to connect to it. If the network is password-protected, the Trojan tries to connect using the built-in password list. If the connection was successful, the program sleeps for 14 seconds, and sends a combination of the network name and password on the server of malefactors.