After the discovery in early August of a botnet that compromised the security of dozens of Internet routers, a new flaw has been exploited in the Realtek chipset. The botnet has “mutated” to attack light bulbs, routers, repeaters and other objects in the home that are not sufficiently secured.
We thought the adventures of the botnet named Mirai and discovered in early August were over. But this was without counting on the wisdom of its creators who managed to make it evolve to continue its misdeeds.
Based on the same principles, a new botnet is currently taking advantage of a critical vulnerability in the SDK of hundreds of thousands of devices. All of them have in common that they are based on the Realtek SDK. In total, there are no less than 200 models from about sixty suppliers (the list here) such as Asus, Belkin, D-Link, Netgear or ZTE, reported the site BleepingComputer.
A botnet that knows how to adapt
These attacks began two days after the revelations of the Mirai-carried malware debunked by IoT inspector security researchers. Realtek sent out a patched version of its chipset as early as August 13, but according to cybersecurity specialist SAM Seamless Network, the “new-fangled” Mirai botnet began tracking vulnerabilities in unpatched connected devices a few days later. And they reportedly listed about ten of them.
The botnet is now targeting Wi-Fi devices such as routers, repeaters, security cameras with IP, light bulbs or even connected toys linked to the Internet. The bug attacks the web management interface to launch its remote attacks and try to hack the products by obtaining all the access privileges. It can then easily take control of them if they have not been corrected.
Lucky for hackers: between the vacations and the difficulty of deploying patches that are quickly downloaded by users, there is a perfect window of opportunity for the botnet to have a field day. One piece of advice: always do the security updates!