"New AcidRain Data Wiper Malware Targets Modems and Routers"

AcidRain is a newly discovered data wiper malware that has been wiping routers and modems. According to researchers at SentinelOne, the malware is loosely linked to a cyberattack that targeted the KA-SAT satellite broadband service on February 24, which impacted thousands in Ukraine and tens of thousands across Europe. AcidRain is designed to brute-force device file names and wipe every discoverable file, thus making it easy to deploy again in future attacks. It was first detected on March 15 after it was uploaded to the VirusTotal malware analysis platform from an IP address in Italy as a 32-bit MIPS ELF binary with the filename "ukrop". When deployed, it traverses the entire filesystem of the compromised router or modem, wiping flash memory, SD/MMC cards, virtual block devices, and more, using all possible device identifiers. To destroy data, the wiper either uses the MEMGETINFO, MEMUNLOCK, MEMERASE, and MEMWRITEOOB input/output control (IOCTL) system calls or overwrites file contents with up to 0x40000 bytes of data. When AcidRain finishes wiping data, it reboots the compromised devices, leaving them unusable. This article continues to discuss the AcidRain data-wiping malware, its possible link to the KA-SAT cyberattack, and other data wipers that have been deployed against Ukraine this year.
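For defenders, the behavior summarized above (probing many device names, then issuing destructive MTD IOCTLs on each one found) can be turned into a simple triage heuristic over syscall traces. The following is an added example, not code from SentinelOne or Bleeping Computer; the strace-style log lines are constructed, and the function name, the `/dev/mtd*` and `/dev/mmcblk*` path patterns, and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed strace-style sample: PID 1423 sweeps device names and erases
# several; PID 2210 erases a single partition, as a firmware updater might.
SAMPLE = """\
1423 openat(AT_FDCWD, "/dev/mtd0", O_RDWR) = 3
1423 ioctl(3, MEMGETINFO, 0x7ffd1000) = 0
1423 ioctl(3, MEMUNLOCK, 0x7ffd1020) = 0
1423 ioctl(3, MEMERASE, 0x7ffd1020) = 0
1423 close(3) = 0
1423 openat(AT_FDCWD, "/dev/mtd1", O_RDWR) = 3
1423 ioctl(3, MEMERASE, 0x7ffd1020) = 0
1423 close(3) = 0
1423 openat(AT_FDCWD, "/dev/mtd2", O_RDWR) = -1 ENOENT (No such file or directory)
1423 openat(AT_FDCWD, "/dev/mmcblk0", O_RDWR) = -1 ENOENT (No such file or directory)
2210 openat(AT_FDCWD, "/dev/mtd4", O_RDWR) = 3
2210 ioctl(3, MEMGETINFO, 0x7ffc2000) = 0
2210 ioctl(3, MEMERASE, 0x7ffc2010) = 0
""".splitlines()

# Of the IOCTLs named in the article, these two modify flash contents.
DESTRUCTIVE = {"MEMERASE", "MEMWRITEOOB"}
OPEN_RE = re.compile(r'^(\d+)\s+open(?:at)?\(.*?"(/dev/(?:mtd|mmcblk)\w*)".*\)\s+=\s+(-?\d+)')
IOCTL_RE = re.compile(r'^(\d+)\s+ioctl\((\d+),\s*(\w+)')

def find_wiper_candidates(lines, min_probed=4, min_erased=2):
    """Return {pid: summary} for processes that probe many device nodes and
    issue destructive MTD IOCTLs on several. Thresholds are assumptions."""
    fds = defaultdict(dict)     # pid -> {fd: device path currently open}
    probed = defaultdict(set)   # pid -> device paths it tried to open
    erased = defaultdict(set)   # pid -> devices hit by a destructive IOCTL
    for line in lines:
        m = OPEN_RE.match(line)
        if m:
            pid, path, ret = m.group(1), m.group(2), int(m.group(3))
            probed[pid].add(path)       # failed opens still count as probes
            if ret >= 0:
                fds[pid][ret] = path    # a reused fd is simply remapped
            continue
        m = IOCTL_RE.match(line)
        if m:
            pid, fd, request = m.group(1), int(m.group(2)), m.group(3)
            dev = fds[pid].get(fd)
            if dev and request in DESTRUCTIVE:
                erased[pid].add(dev)
    return {pid: {"probed": sorted(probed[pid]), "erased": sorted(erased[pid])}
            for pid in probed
            if len(probed[pid]) >= min_probed and len(erased[pid]) >= min_erased}
```

On embedded devices a trace like this is only available if syscall auditing was enabled before the wipe, so the heuristic is best suited to sandbox or lab analysis of a suspect binary.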

Bleeping Computer reports "New AcidRain Data Wiper Malware Targets Modems and Routers"

 

 
