AcidPour Malware Targets Linux x86 Devices in Sophisticated Cyber Assaults

Last updated March 20, 2024
Written by Editor

A new variant of the notorious data-wiping malware known as AcidRain, aptly named AcidPour, has been unveiled, targeting Linux x86 devices with unprecedented precision.

SentinelOne’s cybersecurity expert, Juan Andres Guerrero-Saade, shed light on this evolving threat in a series of insightful posts, revealing the complex nature of AcidPour.

Unlike its predecessor, AcidPour is tailored for Linux x86 systems and boasts a significantly divergent codebase, enhancing its destructive capabilities. Guerrero-Saade explained:

“The new variant (…) is an ELF binary compiled for x86 (not MIPS), and while it refers to similar devices/strings, it’s a largely different codebase.”

Originally surfacing during the early skirmishes of the Russo-Ukrainian conflict, AcidRain made headlines for its deployment against KA-SAT modems by the American satellite giant, Viasat.

This initial strain, designed for MIPS architectures, demonstrated the ability to obliterate filesystems and various storage devices by methodically traversing common Linux directories.

The international community, including the Five Eyes alliance, Ukraine, and the European Union, pointed fingers at Russia for these cyber offensives.

AcidPour distinguishes itself through its ability to erase data from RAID arrays and UBI (Unsorted Block Image) file systems, indicating an expansion of its target range. The addition of device paths such as “/dev/dm-XX” and “/dev/ubiXX” underscores this refined focus.

Although the primary targets remain mysterious, SentinelOne has proactively communicated its findings to Ukrainian entities, underlining the potential geopolitical implications.

The advent of AcidPour underscores a disturbing trend in using wiper malware to incapacitate strategic targets, diversifying the arsenal available to cyber adversaries.

Highlighting the escalated threat landscape, the esteemed director of cybersecurity at the U.S. National Security Agency, Rob Joyce, cautioned:

“This variant is a more powerful AcidRain variant, covering more hardware and operating system types.”

Furthermore, the AhnLab Security Intelligence Center (ASEC) has unveiled a surge in brute-force and dictionary attacks against inadequately secured Linux systems.

These attacks aim to establish backdoor entries for sustained malevolent activities, including the deployment of ransomware, cryptocurrency mining bots, and DDoS agents like Tsunami, ShellBot, and the KONO DIO DA miner.

The strategic manipulation of root account passwords and the insertion of SSH keys for password-less access are among the tactics employed by these nefarious actors.
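As an added defensive illustration (not code from this article, SentinelOne or ASEC), the following Python audits an authorized_keys file against a baseline of approved keys and reports exactly the kind of entry described above: an unknown key, with no from= or command= restriction, granting password-less access. The key material, baseline and file contents are constructed samples.

```python
import base64
import hashlib
import struct
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
             "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com")

def make_blob(key_type: str, material: bytes) -> str:
    """Base64 OpenSSH public-key blob: length-prefixed type, then length-prefixed key bytes."""
    raw = struct.pack(">I", len(key_type)) + key_type.encode()
    raw += struct.pack(">I", len(material)) + material
    return base64.b64encode(raw).decode()

# Constructed sample data: two approved keys in the baseline; the audited file holds
# those two plus an unknown, unrestricted key (the kind of entry an intruder adds).
APPROVED_BLOBS = {make_blob("ssh-ed25519", b"A" * 32), make_blob("ssh-ed25519", b"B" * 32)}
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# /root/.ssh/authorized_keys (constructed sample)",
    f"ssh-ed25519 {make_blob('ssh-ed25519', b'A' * 32)} admin@laptop",
    f'command="/usr/bin/rsync --server",no-pty ssh-ed25519 {make_blob("ssh-ed25519", b"B" * 32)} backup',
    f"ssh-ed25519 {make_blob('ssh-ed25519', b'C' * 32)} bot",
])

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints (base64, padding stripped)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line: str):
    """Return (options, key_type, blob, comment), or None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    # Options precede the key type and may contain spaces inside quotes, so scan
    # forward for the first token that is a known key type.
    for i, tok in enumerate(parts):
        if tok in KEY_TYPES and i + 1 < len(parts):
            return " ".join(parts[:i]), tok, parts[i + 1], " ".join(parts[i + 2:])
    return None

def audit(text: str, approved: set) -> list:
    # Findings are (line number, fingerprint, reason) tuples.
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        options, _key_type, blob, _comment = parsed
        if blob not in approved:
            findings.append((n, fingerprint(blob), "key not in baseline"))
        if "from=" not in options and "command=" not in options:
            findings.append((n, fingerprint(blob), "no from=/command= restriction"))
    return findings
```

Run the audit against the real files under /root/.ssh and each user's ~/.ssh on a schedule, with the baseline held off the host, so a silently inserted key surfaces as a finding rather than as a later incident.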

As cyber threats become increasingly sophisticated, ensuring the security of your digital infrastructure is paramount. Using the best VPN can serve as a critical layer of defense, encrypting data and masking IP addresses, thereby reducing the risk of falling victim to such targeted attacks.
