Updated version of wiper malware used in Viasat hack emerges

CyberScoop reports that a new variant of the AcidRain wiper malware, which Russia leveraged to compromise satellite internet provider Viasat before its invasion of Ukraine, has been significantly improved and could facilitate more widespread state-sponsored attacks.

The updated variant, dubbed "AcidPour," has an overhauled architecture and could compromise embedded devices' memory and further hamper data recovery through its new RAID array and UBI wiping capabilities, according to SentinelOne Principal Threat Actor Tom Hegel, who discovered the new variant. "The identification of impacting RAID, and Unsorted Block Image File Systems (UBIFS) used by embedded devices — which of course can span many types of real-world devices — is noteworthy. Embedded devices are particularly concerning as they often serve critical needs yet lack simple detection and recovery options if they were to be wiped," said Hegel, who expects that the malware could be distributed to network-attached storage devices, industrial control systems, internet-of-things devices, and other systems. Ukraine has already been alerted to the threat of the AcidPour malware.
