Linux x86 Network Devices The Target Of AcidPour Data Wiper

AcidPour malware a variant of AcidRain has been detected targeting Linux x86 IoT and networking devices.It features data wiping capabilities and shares similarities with AcidRain including targeting specific directories common in embedded Linux distributions. About 30% of their codebase overlaps. AcidPour employs input/output control (IOCTL)-based wiping logic similar to VPNFilters dstr plugin and AcidRain suggesting a continuation or adaptation of known malicious techniques. The malware references /dev/ubiXX indicating a focus on embedded systems using flash memory and /dev/dm-XX associated with Logical Volume Management (LVM) which is commonly used in Network Attached Storage devices like QNAP and Synology for managing RAID arrays.