It Never Just Rains, It Pours

New Wiper Malware “AcidPour” Targets Linux x86 Devices

Rob Joyce (NSA Cyber Director) Comments on the Acid Variants

This is a threat to watch. My concern is elevated because this variant is a more powerful AcidRain variant, covering more hardware and operating system types.

New Wiper Malware “AcidPour” Targets Linux x86 Devices
New Wiper Malware “AcidPour” Targets Linux x86 Devices

What do we know about the Acid Variants?

Acidrain and AcidPour are both malicious software programs, but they have some key differences:


  • Origin: First discovered in March 2022.
  • Target: Primarily embedded Linux systems, like those used in routers and modems.
  • Function: Acts as a data wiper, deleting files and rendering devices inoperable.
  • Impact: AcidRain was used in a cyberattack against Viasat, a satellite communications provider, disrupting service across Ukraine and Europe.


  • Origin: A variant of AcidRain discovered in March 2024, specifically targeting Linux x86 network devices (common desktop and server operating systems).
  • Function: Similar to AcidRain, it wipes data and disrupts operations.
  • Connection: While related to AcidRain, AcidPour has significant codebase differences, suggesting it might be a more sophisticated version or potentially from a different group.
  • Target: The specific targets of AcidPour are still unclear, but its discovery in Ukraine raises concerns due to AcidRain’s prior use there.

Here’s a table summarizing the key points:

OriginMarch 2022March 2024, variant of AcidRain
TargetEmbedded Linux systemsLinux x86 network devices (common OS)
FunctionData wiperData wiper
ImpactDisrupted communicationPotential disruption, investigation ongoing
Connection to UkraineUsed in cyberattackDiscovered in Ukraine, target unclear
AcidRaind, AcidPour Key Points

For more information on AcidPour – Click Here

For more posts – Click Here