Data-Wiping Malware Dubbed AcidPour Strikes Linux x86 Systems

Mar 20, 2024 | News


A new variant of the AcidRain data-wiping malware has emerged, built specifically for Linux x86 devices.

Dubbed AcidPour, the variant was highlighted by Juan Andres Guerrero-Saade of SentinelOne in a series of posts on X.

Its predecessor AcidRain first surfaced during the Russo-Ukrainian war, when it was used against KA-SAT modems of the U.S. satellite company Viasat. AcidPour uses a different codebase and targets the Linux x86 architecture instead.

AcidRain was an ELF binary compiled for MIPS. It wiped filesystems and known storage device files on Linux by recursively walking common directories and overwriting what it found.

The Viasat attack was attributed to Russia by the Five Eyes nations, Ukraine and the European Union. AcidPour extends the wiping to RAID arrays and Unsorted Block Image (UBI) file systems by targeting device paths of the form "/dev/dm-XX" (device-mapper nodes) and "/dev/ubiXX" (UBI volumes, typical of embedded devices with raw flash) respectively.

[Image: J. A. Guerrero-Saade, X post]
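The paths above are what an analyst would hunt for when triaging an unknown Linux binary. The following is an added example, not code from the article, from SentinelOne or from any AcidPour sample: it pulls printable strings out of a byte buffer, the way strings(1) does, and matches the device-node families the article names for AcidPour ("/dev/dm-XX", "/dev/ubiXX"). The remaining families (sd, mtdblock, mmcblk, loop) are this example's own generalization of AcidRain's "known storage device files", and paths built at runtime from a printf-style format ("/dev/dm-%d") are matched as well. The SAMPLE buffer is constructed, not taken from a real binary.

```python
"""Triage helper: hunt for wiper-style storage-device targets in a binary.

Added example; the device families marked "assumption" and the SAMPLE
buffer are this example's own, not from the article or any real sample.
"""
import re
from typing import Dict, List

# Each pattern accepts a literal index ("/dev/ubi0") or a printf
# placeholder ("/dev/ubi%d") that a wiper loop would fill in at runtime.
_IDX = rb"(?:\d+|%[dui])"
DEVICE_PATTERNS: Dict[str, "re.Pattern"] = {
    "device-mapper (RAID/LVM)": re.compile(rb"/dev/dm-" + _IDX),       # named in the article
    "UBI volume":               re.compile(rb"/dev/ubi" + _IDX),       # named in the article
    "SCSI/SATA disk":           re.compile(rb"/dev/sd[a-z]+\d*"),      # assumption
    "raw MTD block":            re.compile(rb"/dev/mtdblock" + _IDX),  # assumption
    "MMC/eMMC":                 re.compile(rb"/dev/mmcblk" + _IDX),    # assumption
    "loop device":              re.compile(rb"/dev/loop" + _IDX),      # assumption
}

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")  # same idea as `strings -n 4`


def extract_strings(data: bytes) -> List[bytes]:
    """Return runs of 4 or more printable ASCII bytes."""
    return [m.group(0) for m in PRINTABLE_RUN.finditer(data)]


def find_device_targets(data: bytes) -> Dict[str, List[str]]:
    """Map each matched device family to the distinct paths found, in order."""
    hits: Dict[str, List[str]] = {}
    for s in extract_strings(data):
        for family, pattern in DEVICE_PATTERNS.items():
            for m in pattern.finditer(s):
                path = m.group(0).decode("ascii")
                bucket = hits.setdefault(family, [])
                if path not in bucket:
                    bucket.append(path)
    return hits


def target_count(hits: Dict[str, List[str]]) -> int:
    """Crude severity score: number of distinct device paths referenced."""
    return sum(len(paths) for paths in hits.values())


def scan_file(path: str) -> Dict[str, List[str]]:
    """Run the scan over a file on disk (e.g. a quarantined ELF)."""
    with open(path, "rb") as fh:
        return find_device_targets(fh.read())


# Constructed sample imitating a stripped ELF's .rodata; not a real binary.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"/dev/dm-0\x00/dev/dm-%d\x00/dev/ubi%d\x00/dev/sda\x00"
    + b"/dev/mtdblock%d\x00/dev/mmcblk0\x00/proc/mounts\x00"
    + b"open %s failed\x00"
)

if __name__ == "__main__":
    found = find_device_targets(SAMPLE)
    for family, paths in found.items():
        print(f"{family:26s} {', '.join(paths)}")
    print("distinct device targets:", target_count(found))
```

A legitimate disk utility will also reference these nodes, so treat the result as a triage signal to prioritise a sample for manual review, not as a verdict.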


While the specific targets of AcidPour remain unclear, SentinelOne has notified Ukrainian agencies; the extent of the attacks is yet to be determined.

This discovery highlights once again the prevalent use of wiper malware to incapacitate targets, as threat actors continue to diversify their attack methods to maximize impact.

Rob Joyce, Director of Cybersecurity at the U.S. National Security Agency, issued a warning about AcidPour, calling it a more potent variant of AcidRain with broader hardware and operating system coverage.

Separately, the AhnLab Security Intelligence Center (ASEC) reported a trend in which threat actors run brute-force and dictionary attacks against poorly secured Linux systems, typically over SSH, to establish backdoor accounts for persistent access.

According to ASEC, attackers establish that persistence in several ways: adding new accounts, changing the root account's password, and registering their own SSH keys for passwordless login.

The unauthorized access is then used to deploy malware such as ransomware, cryptocurrency miners, and DDoS bots, including Tsunami, ShellBot, and the KONO DIO DA miner. The basic countermeasures are unchanged: strong or key-only SSH authentication, no remote root login, and alerting on repeated authentication failures and on account changes.
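The brute-force-then-backdoor sequence ASEC describes is visible in a host's authentication log. The following is an added example, not ASEC's tooling or any sample from its report: it walks syslog-style sshd, useradd and passwd lines and reports sources that exceed a failed-password threshold, successful logins from such a source, and the account changes the article lists (new accounts, root password changes). SSH key registration leaves no auth.log trace on a stock system, so it is out of scope here; watch `~/.ssh/authorized_keys` with file integrity monitoring or an auditd watch instead. SAMPLE_LOG and the threshold are constructed assumptions.

```python
"""Detect SSH brute force followed by backdoor-account creation in auth.log lines.

Added example; SAMPLE_LOG is constructed and FAIL_THRESHOLD is an assumption.
"""
import re
from collections import defaultdict
from typing import Dict, List

FAIL_THRESHOLD = 5  # assumption: tune to the host's normal failure rate

# Standard OpenSSH / shadow-utils / pam_unix message formats.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (password|publickey) for (\S+) from (\S+) port")
USERADD = re.compile(r"useradd\[\d+\]: new user: name=([^,]+),")
PASSWD_CHANGED = re.compile(r"pam_unix\(passwd:chauthtok\): password changed for (\S+)")


def analyze(lines: List[str]) -> Dict[str, list]:
    """Return brute-force sources, post-brute-force logins and account changes."""
    failures: Dict[str, int] = defaultdict(int)
    findings: Dict[str, list] = {
        "brute_force": [],                # sources that reached FAIL_THRESHOLD
        "success_after_brute_force": [],  # (src, user, method) logins from those sources
        "account_changes": [],            # ("useradd", name) / ("password_changed", name)
    }
    for line in lines:
        m = FAILED.search(line)
        if m:
            src = m.group(2)
            failures[src] += 1
            if failures[src] == FAIL_THRESHOLD:  # report each source once
                findings["brute_force"].append(src)
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, src = m.groups()
            if failures[src] >= FAIL_THRESHOLD:
                findings["success_after_brute_force"].append((src, user, method))
            continue
        m = USERADD.search(line)
        if m:
            findings["account_changes"].append(("useradd", m.group(1)))
            continue
        m = PASSWD_CHANGED.search(line)
        if m:
            findings["account_changes"].append(("password_changed", m.group(1)))
    return findings


# Constructed auth.log excerpt: a dictionary attack from 203.0.113.5 that
# succeeds against root, followed by a new account, a root password change
# and a key-based login as the new user. 198.51.100.7 is a normal user typo.
SAMPLE_LOG = """
Mar 20 10:00:01 host sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Mar 20 10:00:02 host sshd[2002]: Failed password for invalid user admin from 203.0.113.5 port 41024 ssh2
Mar 20 10:00:03 host sshd[2003]: Failed password for root from 203.0.113.5 port 41026 ssh2
Mar 20 10:00:04 host sshd[2004]: Failed password for root from 203.0.113.5 port 41028 ssh2
Mar 20 10:00:05 host sshd[2005]: Failed password for root from 203.0.113.5 port 41030 ssh2
Mar 20 10:00:06 host sshd[2006]: Failed password for root from 203.0.113.5 port 41032 ssh2
Mar 20 10:00:09 host sshd[2010]: Accepted password for root from 203.0.113.5 port 41040 ssh2
Mar 20 10:00:20 host useradd[2030]: new user: name=support, UID=1001, GID=1001, home=/home/support, shell=/bin/bash
Mar 20 10:00:22 host passwd[2031]: pam_unix(passwd:chauthtok): password changed for root
Mar 20 10:01:00 host sshd[2050]: Accepted publickey for support from 203.0.113.5 port 41100 ssh2
Mar 20 10:05:00 host sshd[2060]: Failed password for alice from 198.51.100.7 port 50000 ssh2
Mar 20 10:05:05 host sshd[2061]: Accepted password for alice from 198.51.100.7 port 50001 ssh2
""".strip().splitlines()

if __name__ == "__main__":
    for key, items in analyze(SAMPLE_LOG).items():
        print(f"{key}: {items}")
```

The same pattern is what `PasswordAuthentication no` and `PermitRootLogin prohibit-password` in sshd_config are meant to prevent: with those set, the dictionary attack in the sample never gets a foothold, and any `useradd` or root password change that still appears in the log deserves a look on its own.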


Source: thehackernews.com
