AcidPour malware targets Linux x86 devices

A new variant of the notorious data-wiping malware AcidRain, dubbed AcidPour, has emerged, specifically targeting Linux x86 devices.

This revelation comes from cybersecurity researcher Juan Andres Guerrero-Saade of SentinelOne. Unlike its predecessor, AcidPour is compiled for x86 architecture, signaling a significant departure in its codebase. AcidRain initially surfaced during the early stages of the Russo-Ukrainian conflict, where it targeted KA-SAT modems owned by Viasat, a U.S. satellite company. The malware, linked to Russia by the Five Eyes nations, Ukraine, and the European Union, was capable of wiping filesystems and known storage device files on MIPS architectures.

However, AcidPour takes a more targeted approach, aiming to erase content from RAID arrays and Unsorted Block Image (UBI) filesystems. By incorporating file paths like “/dev/dm-XX” and “/dev/ubiXX,” it demonstrates a shift in tactics, potentially widening its scope of impact. Despite this advancement, the specific targets of AcidPour remain uncertain, although SentinelOne has alerted Ukrainian agencies to the threat. The scale of these attacks is still being assessed, leaving the full extent of the damage unknown.
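A static triage check built on the two details above, an x86 ELF build and the device path forms. It is an added illustration, not taken from SentinelOne's analysis. It assumes the "XX" suffix is stored as a printf-style specifier or literal digits and that both 32- and 64-bit x86 are in scope; all sample inputs are constructed.

```python
import re
import struct

# ELF e_machine values treated as "x86" here (assumption: 32- and 64-bit).
EM_386, EM_MIPS, EM_X86_64 = 3, 8, 62
X86_MACHINES = {EM_386: "i386", EM_X86_64: "x86-64"}

# Path forms quoted in the article; "XX" is modelled as a printf-style
# specifier or literal digits (assumption about how the suffix is stored).
DEVICE_PATTERNS = {
    "device-mapper": re.compile(rb"/dev/dm-(?:%[0-9]*[du]|[0-9]+)"),
    "ubi": re.compile(rb"/dev/ubi(?:%[0-9]*[du]|[0-9]+)"),
}

def elf_machine(data):
    """Return e_machine for an ELF image, or None if it is not ELF."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    # EI_DATA (byte 5): 1 = little-endian, 2 = big-endian.
    endian = {1: "<", 2: ">"}.get(data[5])
    if endian is None:
        return None
    # e_machine is a 16-bit field at offset 18 in both ELF32 and ELF64.
    return struct.unpack_from(endian + "H", data, 18)[0]

def triage(data):
    """Flag x86 ELF images that embed the block-device path forms."""
    machine = elf_machine(data)
    hits = sorted(n for n, rx in DEVICE_PATTERNS.items() if rx.search(data))
    return {
        "arch": X86_MACHINES.get(machine),
        "device_paths": hits,
        "review": machine in X86_MACHINES and bool(hits),
    }

def _sample_elf(machine, payload, big_endian=False):
    """Constructed input: a bare ELF header followed by string data."""
    ident = b"\x7fELF" + bytes([1, 2 if big_endian else 1, 1]) + b"\x00" * 9
    fmt = (">" if big_endian else "<") + "HH"
    return ident + struct.pack(fmt, 2, machine) + b"\x00" * 32 + payload

if __name__ == "__main__":
    strings = b"/dev/dm-%d\x00/dev/ubi%d\x00"
    print("x86 :", triage(_sample_elf(EM_386, strings)))
    print("mips:", triage(_sample_elf(EM_MIPS, strings, big_endian=True)))
```

Legitimate storage utilities can embed similar path strings, so a hit marks a file for analyst review and does not identify it as AcidPour.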


This discovery underscores the persistent threat posed by wiper malware, highlighting the evolving strategies of threat actors seeking maximum disruption. As cybersecurity measures continue to advance, so too do the tactics employed by malicious actors, necessitating ongoing vigilance and proactive defense measures. The emergence of AcidPour serves as a stark reminder of the ever-present danger of cyberattacks and the need for continued efforts to safeguard critical systems and infrastructure.