Security News > 2023 > January > Malware exploited critical Realtek SDK bug in millions of attacks
Hackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK 134 million attacks trying to infect smart devices in the second half of 2022.
Most of these attacks originate from botnet malware families like Mirai, Gafgyt, Mozi, and derivatives of them.
"From August 2021 to December 2022, we have observed 134 million exploit attempts in total, targeting CVE-2021-35394, with 97% of these attacks occurring after the start of August 2022," reads Unit 42's report.
"More than 30 international regions were involved as the attack origins, with the United States being the largest source of attacks at 48.3% of the total. Vietnam, Russia, The Netherlands, France, Luxembourg, and Germany were also found to be in the top seven countries from which we observed threat actors taking part in these attacks" - Palo Alto Networks Unit 42 Realtek SDK flaw details.
CVE-2021-35394 is a critical vulnerability in Realtek Jungle SDK version 2.x to 3.4.14B, caused by multiple memory corruption flaws that allow remote unauthenticated attackers to perform arbitrary command injection.
Realtek fixed the flaw on August 15, 2021, along with other critical severity flaws like CVE-2021-35395, which was extensively targeted by botnets that incorporated exploits mere days after its disclosure, and as recently as last December.
News URL
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-16 | CVE-2021-35395 | Unspecified vulnerability in Realtek Jungle SDK Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. | 9.8 |
| 2021-08-16 | CVE-2021-35394 | Unspecified vulnerability in Realtek Jungle SDK Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. | 9.8 |