
A new variant of the data-wiping malware AcidRain, designed to target Linux x86 devices, has been detected in the wild.
SentinelOne’s Juan Andres Guerrero-Saade said in a series of posts on X that the malware, called AcidPour, was compiled for Linux x86 devices.
“New variant […] is an ELF binary compiled for x86 (not MIPS), and while it references similar devices/strings, its codebase is very different,” Guerrero-Saade noted.
AcidRain was first exposed during the early days of the Russo-Ukrainian war, when the malware was deployed against the KA-SAT modems of the American satellite company Viasat.
AcidRain, an ELF binary compiled for the MIPS architecture, is capable of erasing the file system and various known storage device files by recursively iterating through the common directories of most Linux distributions.

Five Eyes countries, Ukraine and the European Union later blamed Russia for the cyber attack.
AcidPour (the name of the new variant) is designed to wipe content from RAID arrays and Unsorted Block Image (UBI) file systems by adding file paths such as “/dev/dm-XX” and “/dev/ubiXX”, respectively.
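For analysts triaging a suspicious binary, the two properties described above (target architecture and references to device-mapper or UBI device paths) can be read straight from the file. The following is an added example, not code from SentinelOne or the original article; the function names, the `/dev/dm-` and `/dev/ubi` prefixes derived from the paths quoted above, and the sample bytes are assumptions constructed for illustration, and it assumes the paths are stored as plain ASCII strings.

```python
import re
import struct

# e_machine values defined by the ELF specification
EM_NAMES = {3: "x86", 8: "MIPS", 62: "x86-64"}
# Prefixes derived from the "/dev/dm-XX" and "/dev/ubiXX" paths quoted in the article
DEVICE_PREFIXES = (b"/dev/dm-", b"/dev/ubi")

def triage_elf(data: bytes) -> dict:
    """Report the target architecture and matching device-path strings of an ELF image."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    # EI_DATA (byte 5 of e_ident): 1 = little-endian, 2 = big-endian
    endian = "<" if data[5] == 1 else ">"
    # e_machine is a 16-bit field at offset 18 in both ELF32 and ELF64
    (machine,) = struct.unpack_from(endian + "H", data, 18)
    # Printable ASCII runs of 6+ bytes, similar to the `strings` utility
    runs = re.findall(rb"[\x20-\x7e]{6,}", data)
    hits = sorted({r.decode() for r in runs if any(p in r for p in DEVICE_PREFIXES)})
    return {"arch": EM_NAMES.get(machine, f"unknown ({machine})"), "device_strings": hits}

def build_sample_elf(ei_data: int, machine: int, payload: bytes) -> bytes:
    """Build a constructed, non-executable ELF32 header followed by raw string data."""
    endian = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([1, ei_data, 1]) + b"\x00" * 9  # 16-byte e_ident
    return ident + struct.pack(endian + "HH", 2, machine) + b"\x00" * 32 + payload

# Constructed samples (not real malware): one x86 image referencing both path
# families, and one big-endian MIPS image referencing neither
SAMPLE_X86 = build_sample_elf(1, 3, b"\x00/dev/dm-%d\x00/dev/ubi%d\x00/tmp/log\x00")
SAMPLE_MIPS = build_sample_elf(2, 8, b"\x00/etc/hostname\x00")

if __name__ == "__main__":
    for name, blob in (("x86 sample", SAMPLE_X86), ("MIPS sample", SAMPLE_MIPS)):
        print(name, triage_elf(blob))
```

A match here is only a triage hint that a binary deserves closer analysis: legitimate storage tools such as LVM and UBI utilities reference the same device paths.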
It’s unclear who the intended victim was, but SentinelOne said it had notified Ukrainian agencies. The exact scale of the attack was not immediately clear.
This discovery once again highlights the use of wiper malware to degrade targets, even as threat actors are diversifying their attack methods for maximum impact.