New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine

By: Kevin Poireault, Reporter, Infosecurity Magazine

A new variant of the wiper malware AcidRain, known as AcidPour, has been discovered by SentinelOne’s threat intelligence team, SentinelLabs.

AcidRain is destructive wiper malware attributed to Russian military intelligence.

In May 2022, AcidRain was used in a broad-scale cyber-attack against Viasat’s KA-SAT satellites in Ukraine.

The malware rendered KA-SAT modems inoperative in Ukraine and caused additional disruptions throughout Europe at the onset of the Russian invasion.

AcidPour Shows Proximity with AcidRain

On March 16, 2024, SentinelLabs researchers Juan Andrés Guerrero-Saade and Tom Hegel began observing a suspicious Linux binary uploaded from Ukraine.

They quickly realized that this activity showed surface similarities with malicious activities originating from AcidRain.

The new malware they observed also showed behaviors similar to AcidRain’s, such as targeting specific directories and device paths common in embedded Linux distributions.