New PC malware propagates via Wi-Fi — here's how to protect yourself

Linksys Router 2-20e2
Linksys Router 2-20e2 (Image credit: Windows Central)

What you need to know

  • A newly discovered variant of the Emotet Trojan can hop from Wi-Fi network to Wi-Fi network.
  • Emotet is a malware that can steal personal information, install ransomware, download other pieces of malware, and form botnets.
  • The key to stopping it is a good set of passwords.

A newly discovered variant of the Emotet Trojan can spread between Wi-Fi wireless networks. Emotet relies on brute force and insecure passwords to jump from network to network. Emotet can steal personal information, install ransomware, download other pieces of malware, and form botnets. Luckily, it's relatively easy to stop by using a good set of passwords.

Emotet gets onto a system by using brute force to find its way onto a network. When Emotet is already on a PC, it looks for Wi-Fi networks within range. It then goes through a precompiled list of passwords that people frequently use. If successful, Emotet then sends the password that worked to a command-and-control server to add it to a master list.

After jumping onto a new network, Emotet scans for Windows devices, uses brute force to get itself onto a device, and repeats the process.

Security firm Binary Defenses discovered Emotet spreading through Wi-Fi networks. The firm summarizes the trojan's new capability, "Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords."

Luckily, a strong set of passwords is a safe defense against this type of trojan. The analysts at Binary Defense recommend "using strong passwords to secure wireless networks so that malware like Emotet cannot gain unauthorized access to the network." You can secure your devices and network even further by using network monitoring.

Emotet gets into systems by seeing if frequently uses passwords will connect to a network or device. That means that systems with simple passwords or that use factory-default passwords are at risk.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com (opens in new tab).

1 Comment
  • So once it has the WiFi password, how does it install onto the network ? Does it infect the WAP or does it brute onto individual devices connected to the network? Does it only affect Windows devices?