Alert: Ravaging AcidPour Malware Strikes Linux x86 Devices

It has been discovered that a new variation of a data-erasing malware, known as AcidPour Malware, has been discovered in the wild. This particular variant is meant to particularly target Linux x86 machines.

In a series of posts on X, Juan Andres Guerrero-Saade of SentinelOne stated that the malicious software, which has been given the name AcidPour Malware, has been developed for Linux x86 systems.

“The new variant […] is an ELF binary compiled for x86 (not MIPS) and while it refers to similar devices/strings, it’s a largely different codebase,” according to Guerrero-Saade.

AcidPour Malware was discovered for the first time in the early stages of the conflict between Russia and Ukraine. At that time, the malware was being used to attack KA-SAT modems manufactured by the American satellite corporation Viasat.

Recursively iterating over popular folders for the majority of Linux distributions is the method by which an ELF binary that has been produced for MIPS architectures is able to delete the filesystem as well as various files that are associated with known storage devices.

The states that make up the Five Eyes, along with Ukraine and the European Union, have later determined that Russia was responsible for the cyber attack.

The new variant, which is referred to as AcidPour, is intended to remove data from RAID arrays and Unsorted Block Image (UBI) file systems by incorporating file paths such as “/dev/dm-XX” and “/dev/ubiXX,” the latter of which is the case.

Nonetheless, SentinelOne has stated that it has informed Ukrainian agencies about the situation; it is currently unclear who the targeted victims are. At this point in time, the precise magnitude of the attacks are unknown.

Despite the fact that threat actors are broadening their attack methodologies in order to achieve maximum impact, the revelation once again highlights the usage of wiper malware to cripple targets.

SOURCE