March 19, 2024 at 10:36AM
A new destructive malware named AcidPour was identified, targeting Linux x86 IoT and networking devices. It shares characteristics with AcidRain, a data-wiping malware, potentially pointing to an evolution or different origin. The malware’s expanded reach raises concerns, and public collaboration in analyzing and verifying its impact is encouraged by security researcher Tom Hegel.
From the meeting notes, it is clear that a new destructive malware named AcidPour has been identified, targeting Linux x86 IoT and networking devices. AcidPour shares similarities with AcidRain, a data wiper malware that was utilized in a cyberattack against satellite communications provider Viasat, impacting service availability across Ukraine and Europe.
AcidPour was uploaded from Ukraine on March 16, 2024, complicating the tracing of its operators. It is uncertain whether AcidPour has been used in any attacks in the wild and who its targets might have been.
The new variant, AcidPour, shares many similarities with AcidRain in terms of targeting specific directories and device paths common in embedded Linux distributions, with an estimated 30% codebase overlap. This indicates significant evolution or possibly a different origin. There are also indications of its focus on embedded systems using flash memory and Logical Volume Management (LVM) associated with Network Attached Storage devices.
The meeting notes emphasize the need for collaborative analysis and verification of the malware, as the targets and distribution volume are currently unknown. Rob Joyce, the NSA’s Director of Cybersecurity, has warned of the elevated concern, considering AcidPour as a more powerful variant that covers a broader range of hardware and operating system types.
The threat posed by AcidPour is a priority, and collaborative efforts within the security research community are crucial in addressing this new and potentially more destructive malware.