Suspected Russian Data-Wiping ‘AcidPour’ Malware Targeting Linux x86 Devices

March 19, 2024 at 06:48AM

A new variant of the data-wiping malware AcidRain, named AcidPour, has been discovered targeting Linux x86 devices. This ELF binary variant is designed to erase content from RAID arrays and UBI file systems. The specific targets and scale of the attacks are currently unknown. The discovery highlights the use of wiper malware for maximum impact.

From the meeting notes:

– A new variant of the data-wiping malware AcidRain, named AcidPour, has been discovered targeting Linux x86 devices.
– AcidPour is an ELF binary compiled for x86 (not MIPS) and is different from the original AcidRain codebase.
– AcidRain was initially used against KA-SAT modems from U.S. company Viasat during the early days of the Russo-Ukrainian war and was attributed to Russia by the Five Eyes nations, Ukraine, and the European Union.
– The new variant, AcidPour, is designed to erase content from RAID arrays and Unsorted Block Image (UBI) file systems.
– The intended victims of the attacks are not yet clear, although Ukrainian agencies have been notified.
– This discovery highlights the use of wiper malware to disable targets, even as threat actors continue to diversify their attack methods for maximum impact.
