[MART] - Daily Diary #482 - Meet Acid Rain, a New Wiper that Targets Routers

CTAS-MAT ctas-mat at appgate.com
Thu Mar 31 21:24:50 UTC 2022

I hope everyone is doing well!

Below is the entry for today.

03/31/2022 - Diary entry #482

In our Daily Diary #412 we covered wipers, a type of malware focused on destroying devices and/or deleting files and data. Unlike ransomware, which demands a ransom payment to recover the files, wipers just cause a lot of damage to disrupt operations. For that reason, they are not profitable by themselves and are not commonly found in the wild.

This week, a new type of wiper was disclosed. Named Acid Rain, it targets routers and modems instead of computers and personal files. Once deployed on a router, it wipes flash memory, SD/MMC cards, and all virtual block devices using IOCTL system calls.

This malware payload was found on VirusTotal under the name ukrop, which seems to be short for Ukrainian Operation. That suggests this malware may also be in use in the Russia-Ukraine conflict, just like the recent wipers we covered in our Daily Diaries #462 and #470.

This incident is yet another example of how modern wars use malware as weapons. Deployed against a vulnerable institution, this kind of malware can cause severe damage to the infrastructure and take down important systems.

Kind Regards,



Felipe Duarte Domingues
Security Researcher

E: felipe.duarte at appgate.com
