Emotet malware evolves with new Wi-Fi spreader

Emotet is a highly sophisticated trojan that typically also serves as a loader for other malware. A key capability of Emotet is its ability to deliver custom modules or plugins suited to specific tasks, including stealing Outlook contacts or spreading over a LAN. Recently, Binary Defense identified a new loader type that uses the wlanAPI interface to enumerate all Wi-Fi networks in the area and then attempts to spread to these networks, infecting all devices that it can access in the process (as seen in Figure 1).


Figure 1: Wi-Fi spreader overview

Read more: Emotet Evolves With new Wi-Fi Spreader - Binary Defense