AcidPour: A New Threat to Network Devices

BadBox Malware

AcidPour: A New Threat to Network Devices

Introduction

AcidPour is a new malware variant that has been spotted in the wild. This destructive malware targets Linux x86 network devices and Internet of Things (IoT) appliances. It is considered a data wiper, one of the most destructive forms of malware. Its primary goal is to destroy or wipe all data found on the compromised endpoint.

netfilter-rootkit-sensorstechforum-1024x585 AcidPour: A New Threat to Network Devices

AcidPour and AcidRain

AcidPour is believed to be a variant of AcidRain, a data wiper first spotted two years ago. AcidRain was used by Russian hackers at the start of the invasion on Ukraine, targeting devices belonging to satellite communications provider Viasat. AcidPour’s code overlaps with that of AcidRain by roughly 30%, enough to be considered a distant relative.

AcidPour’s Targets

The key difference between AcidRain and AcidPour is that the latter seems to be targeting a wider array of devices. However, at this time, the researchers are not sure who the targets were, if they were any in the first place.

It’s Focus on Embedded Systems

The new malware includes references to ‘/dev/ubiXX’, indicating a focus on embedded systems using flash memory. Embedded systems are computer systems with a dedicated function within a larger mechanical or electrical system. They are designed to perform a specific task and can be found in various devices from digital watches to complex avionics.

AcidPour and Logical Volume Management

There is also a reference to ‘/dev/dm-XX’, which are virtual block devices associated with Logical Volume Management (LVM). LVM is a storage device management technology that gives users the power to pool and abstract the physical layout of component storage devices for flexible administration.

AcidPour and Network Attached Storage Devices

Network Attached Storage (NAS) devices, including QNAP and Synology, utilize LVM to manage RAID arrays. NAS is a centralized file server, which allows multiple users to store and share files over a network. QNAP and Synology are both very recognizable brands in the NAS space.

Conclusion

AcidPour represents a significant threat to network devices. Its focus on embedded systems and LVM, as well as its potential impact on NAS devices, make it a malware variant to watch. As always, it is crucial to keep systems updated and to follow best practices for cybersecurity to mitigate the risk of such threats.


You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.

Share this content:

1 comment

comments user
Video Downloader

The article’s detailed analysis of industry-specific challenges provides practical insights that are highly relevant for practitioners.

Post Comment