{
	"id": "1e6b68c4-92fb-4aad-8b4e-38ffa405d6e6",
	"created_at": "2026-04-06T00:21:52.548133Z",
	"updated_at": "2026-04-10T03:21:14.914748Z",
	"deleted_at": null,
	"sha1_hash": "c8d323342550a42f05a064d6cae160b3b124365c",
	"title": "Emotet Now Spreads via Wi-Fi",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 132093,
	"plain_text": "Emotet Now Spreads via Wi-Fi\r\nArchived: 2026-04-05 22:32:22 UTC\r\nA new strain of Emotet was found spreading through wireless internet\r\nconnections, deviating from the email spam campaigns that the malware commonly utilizes as a means of propagation.\r\nAccording to researchers from Binary Defense, this new loader type takes advantage of the wlanAPI interface to spread\r\nfrom an infected device to an unsecure Wi-Fi network. \r\nHow Emotet spreads via Wi-Fi\r\nEmotet can now hop from infected devices and servers to Wi-Fi networks. These networks can then go on to infect other\r\ndevices, possibly causing a never-ending loop of infection. Based on the analysis by Binary Defense, below is the method\r\nused by this strain to infect other devices:\r\nFirst, Emotet infects a host (computers or other devices). The malware then downloads and executes the Wi-Fi\r\nspreader module.\r\nThe Wi-Fi spreader module then enumerates all Wi-Fi devices enabled on the host. This module then comes up with\r\nthe list of reachable Wi-Fi networks.\r\nThe module then launches brute-force attacks on each of the enumerated Wi-Fi networks. To do this, it uses its two\r\ninternal lists of easy-to-guess passwords. It wasn’t indicated where these lists came from.\r\nIf this attack succeeds, it then launches a second brute-force attack to guess the log-in credentials of computers and\r\nservers connected to the compromised Wi-Fi network.\r\nIf this second attack succeeds, the cycle goes back to step 1 for another round of infection.\r\nRecords of an executable file used in the attacks had the timestamp of April 16, 2018, suggesting that Emotet’s capability to\r\npropagate via Wi-Fi may have been left undetected for almost 2 years.\r\nThe Trend Micro detections for the threat are Worm.Win32.EMOTET.AA and TrojanSpy.Win32.EMOTET.TIABOFHL.\r\nSecuring Wi-Fi devices\r\nSecuring Wi-Fi devices is crucial in thwarting threats. One simple way to do this is having secure passwords. 
For users, it\r\ncan be difficult to remember complex passwords, not to mention that typing them takes long, pushing many people to choose\r\neasy-to-guess passwords such as “abc123” and “qwerty”. Some don’t even change the default passwords at all. However,\r\ndoing this for Wi-Fi devices (and for any device, for that matter) is like giving threat actors a free pass to home and even\r\nwork networks.\r\nApart from ensuring strong passwords are used across devices and networks, enterprises can protect Wi-Fi devices further\r\nby ensuring that encryption is enabled. System administrators should also closely monitor networks to spot signs of\r\nsuspicious activities.\r\nAs most strains of Emotet still propagate through spam campaigns, employees should remain on the lookout for socially\r\nengineered emails that Emotet and other malware families can use as entry points.\r\nBecause the Emotet strain affects endpoints, servers, and networks, the necessity of employing multilayered\r\nsecurity is highlighted. Protect gateways, endpoints, networks, and servers while having centralized visibility and\r\ncontrol.\r\nFor specialized protection, Trend Micro™ Network Defense, powered by XGen™ security, protects against known,\r\nunknown, and undisclosed vulnerabilities in the network. It can detect and respond to targeted attacks, whether the threat\r\nmoves laterally, inbound, or outbound.\r\nThe Trend Micro Deep Discovery™ solution delivers detection, in-depth analysis, and proactive response to attacks. It has a\r\nlayer for email inspection that can secure enterprises through the detection of malicious attachments and URLs. It\r\ncan detect remote scripts, even those that are not downloaded on endpoints. 
The Trend Micro Deep\r\nDiscovery Inspector solution protects customers from Emotet via these DDI rules:\r\n4320 - EMOTET - HTTP (Request) – Variant 6\r\n4345 - EMOTET - HTTP (Request) – Variant 7\r\nSHA-1 | Trend Micro Predictive Machine Learning Detection | Trend Micro Pattern Detection\r\na9c13d03e2f056d233ed7b7c97a6dc2b1ec70a50 | Troj.Win32.TRX.XXPE50FFF033 | Worm.Win32.EMOTET.AA\r\n1e7c5ada1ac91990b20215397cb9ce9fd66528dd | N/A | TrojanSpy.Win32.EMOTET.TIABOFH\r\na97fbd3a89ba663ab9eb3488ff47665b21d17107 | N/A | Worm.Win32.EMOTET.AA\r\nSource: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/emotet-now-spreads-via-wi-fi",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/emotet-now-spreads-via-wi-fi"
	],
	"report_names": [
		"emotet-now-spreads-via-wi-fi"
	],
	"threat_actors": [],
	"ts_created_at": 1775434912,
	"ts_updated_at": 1775791274,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c8d323342550a42f05a064d6cae160b3b124365c.pdf",
		"text": "https://archive.orkl.eu/c8d323342550a42f05a064d6cae160b3b124365c.txt",
		"img": "https://archive.orkl.eu/c8d323342550a42f05a064d6cae160b3b124365c.jpg"
	}
}