
Linux malware AcidPour targets Ukraine

Researchers at SentinelLabs discovered a new Linux variant of the AcidRain malware, named "AcidPour," which appeared in Ukraine. The discovery was made over the weekend, and J. A. Guerrero-Saade, Vice President of SentinelLabs, shared details via X (formerly Twitter).


Linux malware AcidPour

The original AcidRain malware appeared in March 2022 and was heavily used during the "Viasat hack," which disrupted KA-SAT Surfbeam2 modems at the start of the Russian invasion of Ukraine.

Tom Hegel, Principal Threat Researcher at SentinelLabs, identified the new variant, which was created specifically for Linux x86 devices. Although the AcidPour Linux malware is similar to AcidRain in some respects, it differs significantly in its code, as it is built for x86 instead of MIPS.

Note that popular Linux distributions for x86 devices include Ubuntu, Mint, Fedora, and Debian. MIPS (Microprocessor without Interlocked Pipelined Stages), on the other hand, is an instruction set architecture (ISA), which essentially defines the language that a processor understands and uses to execute commands. Like x86, it is a set of rules and specifications for how a processor should operate.


AcidRain targeted common directories and device paths in embedded Linux distributions. The AcidPour Linux malware, however, introduces new elements, referencing Unsorted Block Images (UBI) and virtual block devices, associated with the Logical Volume Manager (LVM), suggesting a possible extension of the targets beyond previous iterations.
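The following added example, which is not from the original article or from SentinelLabs, shows one way defenders could monitor the device classes named above: it correlates Linux audit records and reports any process outside an allowlist that opened a UBI or device-mapper (LVM) node. The device path patterns, the audit key `rawdev-write`, the allowlist and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Device classes the article names: UBI and device-mapper (LVM) nodes.
# Path patterns are assumptions based on standard Linux device naming.
TARGET_DEV = re.compile(r"^/dev/(dm-\d+|mapper/[^/]+|ubi\d+(_\d+)?|ubiblock\d+_\d+)$")
EVENT_ID = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Hypothetical allowlist: binaries expected to open these devices for writing.
ALLOWED_EXES = {"/usr/sbin/lvm", "/usr/sbin/dmsetup", "/usr/sbin/ubiupdatevol"}

# Constructed sample records (not from a real incident), shaped like the output
# of an audit watch on the device nodes with the hypothetical key "rawdev-write".
SAMPLE = [
    'type=SYSCALL msg=audit(1710750000.101:901): syscall=257 success=yes pid=812 exe="/usr/sbin/lvm" key="rawdev-write"',
    'type=PATH msg=audit(1710750000.101:901): item=0 name="/dev/dm-0" nametype=NORMAL',
    'type=SYSCALL msg=audit(1710750042.530:917): syscall=257 success=yes pid=4120 exe="/tmp/updater" key="rawdev-write"',
    'type=PATH msg=audit(1710750042.530:917): item=0 name="/dev/dm-1" nametype=NORMAL',
    'type=SYSCALL msg=audit(1710750042.611:918): syscall=257 success=yes pid=4120 exe="/tmp/updater" key="rawdev-write"',
    'type=PATH msg=audit(1710750042.611:918): item=0 name="/dev/ubi0_0" nametype=NORMAL',
    'type=SYSCALL msg=audit(1710750050.002:924): syscall=257 success=yes pid=999 exe="/usr/bin/vim"',
    'type=PATH msg=audit(1710750050.002:924): item=0 name="/etc/hosts" nametype=NORMAL',
    'type=PATH msg=audit(1710750061.777:930): item=0 name="/dev/mapper/vg0-root" nametype=NORMAL',
]

def flag_raw_device_writes(lines, allowed=ALLOWED_EXES):
    """Join SYSCALL and PATH records per audit event; return unexpected writers."""
    events = defaultdict(lambda: {"exe": None, "pid": None, "devices": []})
    for line in lines:
        m = EVENT_ID.search(line)
        if not m:
            continue  # not an audit record we can correlate
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events[int(m.group(1))]
        if fields.get("type") == "SYSCALL":
            ev["exe"], ev["pid"] = fields.get("exe"), fields.get("pid")
        elif fields.get("type") == "PATH" and TARGET_DEV.match(fields.get("name", "")):
            ev["devices"].append(fields["name"])
    # Report events that touch a target device without an allowlisted exe,
    # including orphan PATH records whose SYSCALL line is missing (exe is None).
    return [dict(event=eid, **ev) for eid, ev in sorted(events.items())
            if ev["devices"] and ev["exe"] not in allowed]

if __name__ == "__main__":
    for hit in flag_raw_device_writes(SAMPLE):
        print(hit)
```

On the constructed sample, the allowlisted `lvm` access and the unrelated `/etc/hosts` open are ignored, while both `/tmp/updater` events and the orphan PATH record are reported.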


Despite the similarities, there are significant differences, including a separate deletion logic for devices such as LVMs, indicating a potentially sophisticated strategy by threat actors. The good news is that SentinelLabs has raised awareness of AcidPour among stakeholders in Ukraine, although the specific targets and scope of operation remain unclear.

The discovery shows how quickly malicious software can evolve, with attackers adapting their tactics to exploit vulnerable systems. Users and businesses alike need to monitor cyber threats such as AcidRain and AcidPour.


What are the most effective methods to protect against Linux malware?

One of the most effective ways to protect against Linux malware, such as AcidPour, is to use reliable security software. These programs usually include antivirus, antimalware and firewall components that can detect and remove any attacks. Regularly updating the operating system and applications is another important protective measure. Careful use of access rights and limited use of root are also vital: giving a program or user more privileges than necessary can open your system to attack. Finally, educating users on good security practices can be very effective.

Source: hackread

Absenta Mia