A new malware strain called AcidPour has emerged in the threat landscape, and it targets Linux x86 network devices. Based on reports, the new strain is a data wiper that aims to destroy files and data on its target machines.
Attackers frequently use this kind of malware to disrupt an organisation's operations for political purposes or to draw attention away from more serious attacks.
AcidPour appears to be a variation of the previously discovered AcidRain data wiper, which gained notoriety for its involvement in a cyberattack against the satellite communications company Viasat that caused service interruptions throughout Europe and Ukraine.
Given AcidRain's prior connection to attacks on Ukraine, AcidPour's origins make it challenging for threat analysts to track down its operators.
AcidPour is still a dormant threat that has yet to be linked to a confirmed attack in the digital landscape.
The AcidPour attack is still a mystery, since it remains unclear whether its operators have deployed the malware in any real-world attacks and what its specific targets might be.
Comparisons between AcidPour and AcidRain reveal overlapping functionality, while researchers identified 30% codebase similarity between the two. This detail implies either substantial evolution or potentially a different source for AcidPour.
Moreover, this malware shares wiping logic based on input/output control (IOCTL) with VPNFilter’s ‘dstr’ plugin and AcidRain, showing a potential continuation or adaptation of previously documented malicious tactics.
However, some of the most notable additions to AcidPour's capabilities include references to '/dev/ubiXX' and '/dev/dm-XX', indicating a focus on embedded systems using raw flash memory and on devices associated with Logical Volume Management (LVM), respectively.
These inclusions suggest that the malware may have a wider target scope than its predecessor, which was primarily focused on the MIPS architecture.
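As an added illustration, not code from the reports or researchers the article cites, the following Python helper applies the device-path heuristic above to a binary during triage: it extracts references to the UBI (raw flash) and device-mapper (LVM) families and flags a sample that references both. The family names, regexes and the embedded sample byte string are constructed assumptions.

```python
import re
from collections import defaultdict

# Device-path families named in the article. "XX" in the report is a placeholder
# for a numeric suffix; a binary may carry either a literal number or a
# printf-style "%d" that is filled in at run time, so both forms are matched.
# (Family names and patterns are assumptions for this example.)
DEVICE_FAMILIES = {
    "ubi_raw_flash": re.compile(rb"/dev/ubi(?:\d+|%d)(?:_(?:\d+|%d))?"),
    "device_mapper_lvm": re.compile(rb"/dev/dm-(?:\d+|%d)"),
}


def classify_device_refs(blob: bytes) -> dict[str, list[str]]:
    """Return {family: sorted unique device paths} found in a raw binary blob.

    Families with no hits are omitted, so an empty dict means no references.
    """
    hits: dict[str, set[bytes]] = defaultdict(set)
    for family, pattern in DEVICE_FAMILIES.items():
        for match in pattern.finditer(blob):
            hits[family].add(match.group(0))
    return {f: sorted(p.decode() for p in paths) for f, paths in hits.items()}


def triage_verdict(blob: bytes) -> str:
    """Summarise the scan: both families, a single family, or none."""
    refs = classify_device_refs(blob)
    if "ubi_raw_flash" in refs and "device_mapper_lvm" in refs:
        return "both-families"  # the broadened scope described for AcidPour
    if refs:
        return "single-family"
    return "none"


# Constructed sample: a fake string table like the one a `strings` pass exposes.
SAMPLE_BLOB = (
    b"\x7fELF\x00\x00"
    b"/dev/ubi%d\x00/dev/ubi0_1\x00/dev/dm-%d\x00/dev/dm-3\x00"
    b"/dev/sda\x00/tmp/x\x00"
)

if __name__ == "__main__":
    for family, paths in classify_device_refs(SAMPLE_BLOB).items():
        print(f"{family}: {', '.join(paths)}")
    print("verdict:", triage_verdict(SAMPLE_BLOB))
```

On a real file, read it in binary mode and pass the bytes to `triage_verdict`; a "both-families" result is a prompt for deeper analysis, not a conviction on its own.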
Recognising the severity of this threat, the NSA’s Director of Cybersecurity emphasised the importance of vigilance, noting that AcidPour represents a more potent variant of AcidRain, with the ability to target a broader range of hardware and operating system types.
Furthermore, a research group made the malware’s hash publicly available, urging the security research community to collaborate in analysing and verifying AcidPour, as its targets and distribution volume remain unknown.
