Emotet trojan evolves to spread via WiFi connections

This is nasty stuff.

[…] Historically, Emotet has worked by getting a foothold inside a company after careless employees open boobytrapped Office documents they receive via email.

Once they get infected, the Emotet trojan downloads various modules in order to spread laterally inside a network.

For the past years, this “lateral movement” has been limited, with Emotet being confined to computers and servers found on the same network only.

Companies that implemented proper network segmentation would often be able to limit the reach of an Emotet attack to a few departments or just a few computers.


However, in a blog post published last week, security researchers at BinaryDefense have made a pretty important discovery that’s sure to give many system administrators headaches for the foreseeable future — namely an Emotet module that under certain circumstances can jump the WiFi gap to nearby networks.



[…] This new Emotet module means companies can’t run WiFi networks with simplistic passwords inside their headquarters anymore. If the Emotet gang decides to deploy its WiFi spreader module, they can jump to nearby networks if those networks don’t use a complex password.


Original Article