SonicWall has released a fresh software update for its SMA 100 appliances to help users remove the Overstep malware deployed in a recent campaign.
As part of the attacks, flagged in July by Google’s Threat Intelligence Group, a threat actor tracked as UNC6148 infected fully patched SMA appliances with a persistent backdoor and user-mode rootkit that supports credential, session token, and one-time password seed theft.
The threat actor likely used local administrator credentials that were stolen in previous attacks, before devices were patched, through the exploitation of known vulnerabilities, such as CVE-2025-32819, CVE-2024-38475, CVE-2021-20035, CVE-2021-20038, and CVE-2021-20039.
In July, Google released indicators-of-compromise (IoCs) and detection rules to help SonicWall customers identify and block potential UNC6148 attacks.
This week, SonicWall announced the release of SMA 100 software version 10.2.2.2-92sv, which includes “additional file checking, providing the capability to remove known rootkit malware present on the SMA devices”.
All SMA 210, 410, and 500v appliances running 10.2.1.15-81sv and earlier software versions are impacted, SonicWall notes.
The company urges all organizations using SMA 100 series appliances to review and implement security steps outlined in its July advisory.
Earlier this month, SonicWall announced it will no longer offer support for SMA 100 devices starting October 1, 2025, urging customers to transition to “more secure, modern remote access solutions” and offering free replacement options for eligible SMA 100 appliances.
“Due to significant vulnerabilities presented by legacy VPN appliances, SonicWall will be deactivating all SMA100 appliances on October 31, 2025. Following this date, all SMA100 appliances will lose connectivity and no longer function. To ensure uninterrupted security and connectivity, partners and customers will need to migrate to an alternative SonicWall solution before October 31, 2025,” the company notes.
SonicWall may continue to provide support to SMA 100 appliances that have support expiration dates extending beyond October 31, 2027.