The AcidBox malware is a threat that appears to have been active for approximately two years. However, cybersecurity researchers only spotted it in June 2020, likely because of its low infection rate. The malware appears to go after certain known vulnerabilities in VirtualBox software. Vulnerabilities in sandbox environments tend to be targeted only by high-profile cybercrime organizations such as the Turla APT (Advanced Persistent Threat).
After dissecting the AcidBox malware, security researchers have concluded that it is unlikely that this threat was created by the Turla APT, even though that hacking group uses the same VirtualBox software vulnerabilities. However, the AcidBox malware was very likely developed by another APT, as all clues point towards a very experienced group of individuals. The AcidBox threat is a very stealthy piece of malware: it managed to remain under the radar of cybersecurity researchers for two years.
Once the AcidBox threat infects a targeted system, it periodically loads new modules and unloads old ones. This keeps the threat flexible and allows it to serve different purposes depending on the needs of its operators. Because of this modular structure, malware experts have been unable to gather sufficient data regarding the full capabilities of the AcidBox threat. However, it is perfectly clear that the AcidBox malware is a highly potent threat that can be modified to serve a variety of nefarious purposes.
Despite the low infection rate, the AcidBox threat should not be underestimated. It is likely that the authors of the AcidBox malware are planning on expanding their reach and launching a mass-scale campaign at some point in the future.