A fresh iteration of the data-wiping malware, AcidRain, has emerged in the wild, specifically tailored to infiltrate Linux x86 devices.
Dubbed AcidPour, this malware variant is compiled for Linux x86 systems, as stated by Juan Andres Guerrero-Saade from SentinelOne in a series of posts on X.
“The latest variant […] is an ELF binary compiled for x86 (not MIPS) and, though it bears resemblance to previous iterations in terms of devices/strings, it features a significantly distinct codebase,” highlighted Guerrero-Saade.
AcidRain first surfaced during the early stages of the Russo-Ukrainian conflict, where it was employed against KA-SAT modems provided by U.S. satellite entity Viasat.
An ELF binary compiled for MIPS architectures possesses the capability to wipe the filesystem and various recognized storage device files by recursively traversing common directories across most Linux distributions.
Cybersecurity The cyber assault was subsequently attributed to Russia by the Five Eyes alliance, in conjunction with Ukraine and the European Union.
Dubbed AcidPour, this new variant is engineered to obliterate data from RAID arrays and Unsorted Block Image (UBI) file systems by including file paths such as “/dev/dm-XX” and “/dev/ubiXX,” respectively.
The identity of the intended targets remains uncertain at present, although SentinelOne disclosed that Ukrainian authorities have been notified. The precise scale of the attacks is currently undisclosed.
This discovery once again underscores the utilization of wiper malware to debilitate targets, even as threat actors continue to diversify their methods of attack to maximize impact.
