This Trojan uses Wi-Fi to spread to all computers connected to the same network
Emotet is the name of a newly discovered Trojan that jeopardizes the security of our computers. The list of threats we have suffered is endless, and almost all of them shared a common characteristic: to propagate, they required the collaboration of the user.
Whether through an email, a messaging application or a social network, a Trojan could sneak into our computers with the unwitting help of the user. Emotet goes one step further: it is more sophisticated and can spread to other devices connected to the same Wi-Fi network.
Using the Wi-Fi network
It was Binary Defense that explained how this new threat works. To achieve its objectives, the Trojan takes advantage of the wlanAPI interface: it tries to identify all Wi-Fi networks within reach of the infected machine and then tries to spread through them, infecting all connected devices.
When the Trojan enters a system, it begins enumerating the wireless networks that the computer has access to, using wlanAPI.dll calls. This is the interface that allows you to manage wireless network profiles and wireless network connections. Wlanapi.dll arrived with Windows Vista in 2006 and has since become part of Windows 7, Windows 8, Windows 8.1, and Windows 10.
Emotet uses brute force against each network's authentication and encryption in an attempt to gain access to the connection. Here the Trojan takes advantage of the fact that many users still use simple passwords, or even the ones set at the factory. Emotet keeps a repository of previously discovered networks, a data set that grows as the infection does. Hence the importance of changing the access credentials for both the router and the network.
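The enumeration described above hands the Trojan each network's authentication and encryption type, and a defender can review the same information first. The following is an added example, not code from Binary Defense or from the original article: it parses the English-language output of `netsh wlan show networks mode=bssid` and flags networks advertising weak or no protection. The sample output, SSIDs and BSSIDs are constructed, and the weak-setting lists are an assumption of this example.

```python
import re

# Constructed sample in the layout of `netsh wlan show networks mode=bssid`
# (English Windows), trimmed to the fields the parser reads. Values are made up.
SAMPLE = """\
Interface name : Wi-Fi
There are 3 networks currently visible.

SSID 1 : CoffeeShop-Guest
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 02:00:00:00:00:01

SSID 2 : OldRouter
    Authentication          : WPA-Personal
    Encryption              : TKIP
    BSSID 1                 : 02:00:00:00:00:02

SSID 3 : Office
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 02:00:00:00:00:03
"""

# Assumption of this example: settings treated as weak for audit purposes.
WEAK_AUTH = {"Open", "WEP", "WPA-Personal"}
WEAK_CIPHER = {"None", "WEP", "TKIP"}

def parse_networks(text):
    """Return one dict per SSID block with its authentication and cipher."""
    networks = []
    for line in text.splitlines():
        # "BSSID n" lines do not match: the token must start with "SSID".
        m = re.match(r"\s*(SSID \d+|Authentication|Encryption)\s*:\s?(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key.startswith("SSID"):
            networks.append({"ssid": value, "auth": None, "cipher": None})
        elif networks:
            networks[-1]["auth" if key == "Authentication" else "cipher"] = value
    return networks

def weak_networks(text):
    """SSIDs whose advertised authentication or cipher is weak or absent."""
    return [n["ssid"] for n in parse_networks(text)
            if n["auth"] in WEAK_AUTH or n["cipher"] in WEAK_CIPHER]

if __name__ == "__main__":
    print(weak_networks(SAMPLE))
```

A network that passes this check can still fall to the password guessing described above if its passphrase is simple or still the factory default, so the audit complements a password change and does not replace it.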
If you want to know whether your computer has been infected with Emotet, you can download a tool that checks for it. It is called EmoCheck and is available from the Japan CERT GitHub repository.
Via | Windows Central