It has been discovered that a new variation of a data-erasing malware, known as AcidPour Malware, has been discovered in the wild. This particular variant is meant to particularly target Linux x86 machines.

In a series of posts on X, Juan Andres Guerrero-Saade of SentinelOne stated that the malicious software, which has been given the name AcidPour Malware, has been developed for Linux x86 systems.

“The new variant […] is an ELF binary compiled for x86 (not MIPS) and while it refers to similar devices/strings, it’s a largely different codebase,” according to Guerrero-Saade.

AcidPour Malware was discovered for the first time in the early stages of the conflict between Russia and Ukraine. At that time, the malware was being used to attack KA-SAT modems manufactured by the American satellite corporation Viasat.

Recursively iterating over popular folders for the majority of Linux distributions is the method by which an ELF binary that has been produced for MIPS architectures is able to delete the filesystem as well as various files that are associated with known storage devices.

The states that make up the Five Eyes, along with Ukraine and the European Union, have later determined that Russia was responsible for the cyber attack.

The new variant, which is referred to as AcidPour, is intended to remove data from RAID arrays and Unsorted Block Image (UBI) file systems by incorporating file paths such as “/dev/dm-XX” and “/dev/ubiXX,” the latter of which is the case.

Nonetheless, SentinelOne has stated that it has informed Ukrainian agencies about the situation; it is currently unclear who the targeted victims are. At this point in time, the precise magnitude of the attacks are unknown.

Despite the fact that threat actors are broadening their attack methodologies in order to achieve maximum impact, the revelation once again highlights the usage of wiper malware to cripple targets.



Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.

This website uses cookies to improve your online experience. By continuing, we will assume that you are agreeing to our use of cookies. For more information, visit our Cookie Policy.

Privacy Preference Center