Acidpour

Malware updated 3 months ago (2024-08-14T09:25:11.747Z)

Download STIX

Preview STIX

AcidPour is a newly identified malware variant that has been specifically designed to target Linux x86 devices. As a malicious software, AcidPour exploits and damages the targeted systems, potentially stealing personal information, disrupting operations, or holding data hostage for ransom. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. The distinguishing feature of AcidPour is its ELF binary compiled for x86, as opposed to MIPS. This indicates a significant shift in the codebase, with researchers noting less than 30% similarity when compared to other architectures. The malware references similar devices and strings, but it is largely a different codebase, making it a unique threat in the cybersecurity landscape. Given its potential for harm, the emergence of AcidPour warrants immediate attention from system administrators, IT professionals, and security teams. Its ability to target Linux x86 devices poses a significant risk to organizations relying on these systems. Ongoing analysis and countermeasures are required to mitigate the impact of this new variant of malware.

Description last updated: 2024-08-14T08:48:24.696Z

What's your take? (Question 1 of 4)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Acidrain is a possible alias for Acidpour. AcidRain is a malicious software, or malware, that was first described in March, following a cyberattack that disrupted approximately 10,000 satellite modems associated with communications provider Viasat's KA-SAT network. The malware was discovered by cybersecurity firm SentinelOne in February 2022	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Linux

Wiper

Ics

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Sandworm Threat Actor is associated with Acidpour. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c	Unspecified	2

Source Document References

Information about the Acidpour Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	4 months ago	security-affairs-malware-newsletter-round-5
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	5 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini
DARKReading	8 months ago	Russian APT Releases More Deadly Variant of AcidRain Wiper Malware
InfoSecurity-magazine	8 months ago	New AcidPour Wiper Targeting Linux Devices Spotted in Ukraine
Securityaffairs	8 months ago	New AcidPour wiper targets Linux x86 devices.