AcidPour: New Linux Wiper Threat Targets x86 Devices

Security researchers at SentinelLabs have uncovered a new variant of the AcidRain wiper, built to attack Linux x86 devices.

Dubbed AcidPour, the malware is an ELF binary compiled for Linux x86 systems, and its codebase differs markedly from AcidRain's.


AcidPour is designed to wipe the contents of RAID arrays and UBIFS (Unsorted Block Image File System, UBI) volumes by targeting paths such as “/dev/dm-XX” and “/dev/ubiXX”, respectively.
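
For defenders, the device paths above suggest a simple detection: flag write-mode opens of device-mapper and UBI nodes by programs that are not known storage tools. The sketch below is an added example, not SentinelLabs' code or anything recovered from the malware; it assumes auditd is already recording open/openat calls on x86_64, and the allowlist, function name and sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# Device-node families named in the article: /dev/dm-XX and /dev/ubiXX.
# UBI volume nodes (/dev/ubiX_Y) also match; /dev/ubi_ctrl deliberately does not.
TARGET_DEV = re.compile(r"^/dev/(dm-\d+|ubi\d+(_\d+)?)$")
EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# x86_64 syscall number -> audit field holding the flags (open: a1, openat: a2).
FLAGS_ARG = {"2": "a1", "257": "a2"}
# Assumption: storage tools expected to write to these nodes on this host.
ALLOWED_EXE = {"/usr/sbin/lvm", "/usr/sbin/dmsetup"}

def flag_device_writes(lines, allowed=ALLOWED_EXE):
    """Return (event_id, exe, path) for write-mode opens of targeted nodes."""
    events = defaultdict(lambda: {"paths": []})
    for line in lines:
        m = EVENT_ID.search(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events[m.group(1)]  # SYSCALL and PATH records share one event id
        if f.get("type") == "SYSCALL" and f.get("syscall") in FLAGS_ARG:
            # Audit logs arguments in hex; low two bits: 1 = O_WRONLY, 2 = O_RDWR.
            flags = int(f.get(FLAGS_ARG[f["syscall"]], "0"), 16)
            ev.update(exe=f.get("exe", "?"), write=(flags & 3) in (1, 2))
        elif f.get("type") == "PATH":
            ev["paths"].append(f.get("name", ""))
    hits = []
    for eid, ev in events.items():
        if ev.get("write") and ev["exe"] not in allowed:
            hits += [(eid, ev["exe"], p) for p in ev["paths"] if TARGET_DEV.match(p)]
    return hits

# Constructed sample records (not from a real incident), trimmed to the fields used.
SAMPLE = [
    'type=SYSCALL msg=audit(1700000000.100:101): arch=c000003e syscall=257 a2=1 exe="/tmp/upd"',
    'type=PATH msg=audit(1700000000.100:101): item=0 name="/dev/dm-0"',
    'type=SYSCALL msg=audit(1700000000.200:102): arch=c000003e syscall=257 a2=2 exe="/usr/sbin/dmsetup"',
    'type=PATH msg=audit(1700000000.200:102): item=0 name="/dev/dm-1"',
    'type=SYSCALL msg=audit(1700000000.300:103): arch=c000003e syscall=257 a2=80000 exe="/usr/bin/lsblk"',
    'type=PATH msg=audit(1700000000.300:103): item=0 name="/dev/ubi0_0"',
    'type=SYSCALL msg=audit(1700000000.400:104): arch=c000003e syscall=2 a1=241 exe="/tmp/upd"',
    'type=PATH msg=audit(1700000000.400:104): item=0 name="/dev/ubi0"',
    'type=SYSCALL msg=audit(1700000000.500:105): arch=c000003e syscall=257 a2=1 exe="/tmp/upd"',
    'type=PATH msg=audit(1700000000.500:105): item=0 name="/dev/ubi_ctrl"',
]

if __name__ == "__main__":
    print(*flag_device_writes(SAMPLE), sep="\n")
```

Only events 101 and 104 are reported: the allowlisted tool, the read-only open and the UBI control node are ignored.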

The identity of the victims is not yet known, though SentinelOne has notified Ukrainian federal agencies. The full extent of the attacks is currently unknown.

AcidRain first came to public attention in 2022, when the malware was deployed against modems of the KA-SAT network owned by the American satellite firm Viasat. That ELF binary, compiled for the MIPS architecture, can erase the file system and various files from known storage by recursively traversing directories common to most Linux distributions.