New AcidPour data wiper targets Linux x86 network devices

A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices.
Data wipers are a category of malware designed for destructive attacks that delete files and data on targeted devices.
This type of malware is commonly used to disrupt an organization's operations for political reasons or as a distraction from a larger attack.
AcidPour, spotted by SentinelLabs security researcher Tom Hegel, is considered a variant of the AcidRain data wiper.
AcidRain is a data wiping malware designed to erase files on routers and modems.
The malware was utilized in a cyberattack against satellite communications provider Viasat, which impacted service availability across Ukraine and Europe.
AcidPour was uploaded from Ukraine on March 16, 2024, which complicates tracing its operators, as AcidRain was used against the country in the past.
A thread on X by Juan Andrés Guerrero Saade provides some details about the new variant, though it is unknown whether it has been used in any attacks in the wild and who its targets might have been.
AcidPour shares many similarities with AcidRain, such as targeting specific directories and device paths common in embedded Linux distributions, but their codebase overlaps by an estimated 30%. This indicates either significant evolution or possibly a different origin.
Guerrero Saade says it's not unlikely that a different group of attackers replicated some of AcidRain's functionality.
AcidPour shares ioctl-based (input/output control) wiping logic with VPNFilter's 'dstr' plugin and AcidRain, indicating a continuation or adaptation of the previously documented malicious techniques.
The new malware includes references to '/dev/ubiXX' indicating a focus on embedded systems using flash memory.
There is also a reference to '/dev/dm-XX', virtual block devices associated with Logical Volume Management (LVM).
Network Attached Storage devices, including QNAP and Synology, utilize LVM to manage RAID arrays.
These additions suggest that AcidPour might target a broader range of devices or systems than its predecessor, which targeted the more specific MIPS architecture.
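Because the wiping logic described above is ioctl-based and aimed at device nodes such as /dev/ubiXX and /dev/dm-XX, one defensive check is to watch audit logs for erase or overwrite ioctls issued against those nodes. The following is an added example written for this article, not code from the SentinelLabs analysis or from the malware: it assumes a simplified auditd-style record layout (one PATH record per successful open, arguments in hex as auditd logs them), the sample records are constructed, and the ioctl request codes are Linux UAPI values chosen as a detection set rather than values taken from the AcidPour sample.

```python
import re
from collections import defaultdict
# Linux UAPI ioctl request codes that erase or overwrite storage (detection set picked for this example)
DESTRUCTIVE_IOCTLS = {
    0x1277: "BLKDISCARD", 0x127d: "BLKSECDISCARD", 0x127f: "BLKZEROOUT",  # block devices
    0x40084d02: "MEMERASE",                                                # MTD raw flash erase
    0x40084f00: "UBI_IOCVOLUP", 0x40044f01: "UBI_IOCEBER",                 # UBI volume update / erase
}
DEVICE_PREFIXES = ("/dev/ubi", "/dev/dm-", "/dev/mtd", "/dev/sd", "/dev/mmcblk")  # storage nodes of interest
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT_ID = re.compile(r'audit\([^:]+:(\d+)\)')

def parse(line):
    """Split an audit record into key/value pairs, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def find_wipe_ioctls(lines):
    """Join open/openat results to later ioctl calls per pid; return (pid, comm, device, ioctl_name) hits."""
    fds = defaultdict(dict)   # pid -> {fd: path}
    pending = {}              # event id -> successful open awaiting its PATH record
    hits = []
    for line in lines:
        m = EVENT_ID.search(line)
        r = parse(line)
        if not m or "type" not in r:
            continue
        ev, kind, sc = m.group(1), r["type"], r.get("syscall")
        if kind == "SYSCALL" and sc in ("open", "openat") and r.get("success") == "yes":
            pending[ev] = r
        elif kind == "PATH" and ev in pending:
            o = pending.pop(ev)
            fds[o["pid"]][int(o["exit"])] = r["name"]     # exit= carries the returned fd
        elif kind == "SYSCALL" and sc == "ioctl":
            path = fds[r["pid"]].get(int(r["a0"], 16))    # auditd logs syscall args in hex
            req = int(r["a1"], 16)
            if path and path.startswith(DEVICE_PREFIXES) and req in DESTRUCTIVE_IOCTLS:
                hits.append((r["pid"], r["comm"], path, DESTRUCTIVE_IOCTLS[req]))
    return hits

# Constructed sample records: two destructive ioctls from one process, one benign BLKGETSIZE (0x1260) from lvs
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1710600000.100:4521): syscall=openat success=yes exit=3 a0=ffffff9c a1=7ffd1 pid=1337 comm="wiper_sample"
type=PATH msg=audit(1710600000.100:4521): item=0 name="/dev/dm-0"
type=SYSCALL msg=audit(1710600000.101:4522): syscall=ioctl success=yes exit=0 a0=3 a1=127f pid=1337 comm="wiper_sample"
type=SYSCALL msg=audit(1710600000.200:4523): syscall=openat success=yes exit=4 a0=ffffff9c a1=7ffd3 pid=1337 comm="wiper_sample"
type=PATH msg=audit(1710600000.200:4523): item=0 name="/dev/ubi0_0"
type=SYSCALL msg=audit(1710600000.201:4524): syscall=ioctl success=yes exit=0 a0=4 a1=40044f01 pid=1337 comm="wiper_sample"
type=SYSCALL msg=audit(1710600000.300:4525): syscall=openat success=yes exit=3 a0=ffffff9c a1=7ffd5 pid=2001 comm="lvs"
type=PATH msg=audit(1710600000.300:4525): item=0 name="/dev/dm-0"
type=SYSCALL msg=audit(1710600000.301:4526): syscall=ioctl success=yes exit=0 a0=3 a1=1260 pid=2001 comm="lvs"
"""
```

Running find_wipe_ioctls(SAMPLE_LOG.splitlines()) flags the two wiper_sample calls (BLKZEROOUT on /dev/dm-0 and UBI_IOCEBER on /dev/ubi0_0) and ignores the read-only query from lvs.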
The SentinelLabs analyst publicly shared the malware's hash and called on the security research community to participate in collaborative analysis and verification, as the targets and distribution volume are currently unknown.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 19 Mar 2024 14:35:29 +0000