Emotet's success is thanks to the fact that its creators have worked hard and diligently to keep it upgraded by bolting on a variety of modules that enhance its capabilities in new and sometimes terrifying ways.
Recently, researchers at Binary Defense spotted a particularly nasty new module that allows the trojan to infect other devices nearby. Called a “WiFi Spreader,” it allows the trojan to hop wirelessly from one device to another.
Granted, this capability does not guarantee a 100 percent infection success rate, because the nearby device may have protection protocols in place. It does, however, provide a new attack vector the malware can utilize to spread itself farther than it otherwise might.
The implications of this are staggering. If Emotet makes its way onto your system and the strain you have has the WiFi Spreader module, it poses risks to your own network, to the personal devices your employees carry that aren’t connected to your network, and also to any other networks in close proximity to yours. Whether those networks are one floor up, one floor down, or right next door, they are also at risk.
Also, consider the implications of an Emotet infection in a shared work environment, such as a WeWork office space or a constellation of small companies that share one floor of an office and work in close proximity to one another. These kinds of arrangements are increasingly common and will absolutely complicate forensic investigations of malware infections.
If there’s a silver lining here, it is that, according to Binary Defense, the WiFi Spreader doesn’t work on Windows XP SP2 or Windows XP SP3, because it utilizes functions that are incompatible with those builds. In any case, stay vigilant and be on the lookout for Emotet. It’s one of the most dangerous forms of malware out there.