Mirai botnet now targeting critical flaw in thousands of routers

Botnet
(Image credit: Shutterstock / BeeBright)

A new variant of the Mirai botnet has begun exploiting multiple vulnerabilities in a software development kit (SDK) used by thousands of Realtek-based devices.

The vulnerabilities were discovered by IoT Inspector, the makers of the firmware security analysis platform of the same name, last week and thought to affect more than 65 hardware manufacturers and a variety of wireless devices.

Network security firm SAM Seamless Network now reveals that the Mirai-based botnet started trawling the web for unpatched devices two days after the public disclosure, even though Realtek had patched the vulnerabilities three days prior to IoT Inspectors’ announcement.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

“One of the vulnerabilities disclosed, CVE-2021-35395, affects the web interface that is part of the SDK, and is a collection of six different vulnerabilities. As of August 18th, we have identified attempts to exploit CVE-2021-35395 in the wild,” notes Omri Mallis, chief product architect at SAM Seamless Network.

Updated botnet

The researchers note that the particular Mirai malware used to exploit the Realtek vulnerability, was first seen by Palo Alto Network earlier this year in March. 

This was followed by another sighting by Juniper Networks earlier this month, when the botnet authors exploited another newly discovered vulnerability, again only a couple of days after it was announced.

“This chain of events shows that hackers are actively looking for command injection vulnerabilities and use them to propagate widely used malware quickly. These kinds of vulnerabilities are easy to exploit and can be integrated quickly into existing hacking frameworks that attackers employ, well before devices are patched and security vendors can react,” observes Mallis.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.