The BiBi-Linux Wiper malware damages files and operating systems by overwriting data with useless information, rendering the affected files unusable.
Cybersecurity experts from Security Joes’ Incident Response team recently stepped forward to aid Israeli companies amid the conflict between Israel and Hamas. During their investigations, they uncovered a concerning discovery: a new type of malware known as the BiBi-Linux Wiper.
This malicious software, designed for Linux systems, poses a significant threat. It is a powerful executable file that, if granted root access, can potentially wipe out an entire operating system. What sets it apart is its ability to target specific folders, overwrite files, and concurrently corrupt data using multiple threads, significantly amplifying its impact and speed.
Unlike other malware types that aim to steal data or demand ransom payments, the BiBi-Linux Wiper takes a different approach. It damages files and operating systems by overwriting data with useless information, rendering the affected files unusable. This kind of destructive software, often termed a “Wiper,” is not entirely new but remains a menacing cybersecurity threat against companies, businesses and unsuspecting users.
According to the company’s blog post, one noteworthy detail is the naming convention used in the malware—each infected file is titled bibi-linux.out. This name, seemingly random, actually holds a political undertone, as “bibi” is a common nickname for the current Israeli Prime Minister, Benjamin Netanyahu. Further exploration into the malware’s inner workings revealed this string hardcoded within its structure, used to generate identifiers for corrupted files.
The researchers noted the rarity of this malware; at the time of their investigation, it had only received two detections on VirusTotal, suggesting its newness and limited distribution.
The malware, upon execution, produces an excessive amount of output, revealing details about its progress and actions. To address this, threat actors use the “nohup” command, redirecting output to a file and preventing the wiping process from halting even if the console is closed.
Its use of multiple threads and system calls enables it to corrupt files rapidly and efficiently. The malware follows a pattern, overwriting files with random data, renaming them with a ‘BiBi’ extension, and excluding certain file types crucial for the operating system’s function.
Sophisticated Cyber Attacks Linked to Hamas and Pro-Palestinian Groups Target Israel
Hamas has displayed a surprising level of sophistication in its cyber warfare tactics, as demonstrated by several incidents in recent years. In 2014, Hamas not only breached the live transmission of Israel’s Channel 10 TV station but also defaced the broadcast by displaying distressing images of Palestinian civilians affected by Israeli airstrikes in Gaza.
In July 2018, Israel accused Hamas of spying on IDF soldiers using malicious World Cup and dating apps. The group reportedly exploited hundreds of IDF Android devices by luring users with images of attractive women.
By February 2020, reports surfaced that Hamas hackers masqueraded as women to deceive IDF personnel into downloading malware. These hackers, posing as women, sent out malware to gather critical information and gain control over the soldiers’ phone functions.
Despite these cyberattacks attributed to Hamas, other groups have also targeted Israel’s critical infrastructure. AnonGhost, a pro-Palestinian group, not only hacked the Red Alert App, an Israeli rocket alert app but also sent fabricated missile, rocket, and nuclear bomb alerts to Israeli citizens.
On October 16th, 2023, researchers identified a fraudulent rocket alert app hosted on a malicious website, distributing malware onto the smartphones of unsuspecting Israeli citizens.
Nonetheless, cybersecurity experts persist in monitoring and analyzing these threats. The readiness of companies to defend against evolving cyber risks remains of utmost importance.
RELATED NEWS
- Gaza Cybergang targeting Palestinian authority figures
- US seizes official website of Iranian state-owned Press TV
- Israeli Spyware Vendor Uses Chrome 0day to Target Journalists
- Israel claims to bomb Hamas’s cyber Ops HQ amidst uncertainties
- Android malware on Play Store targeting Palestinians on Facebook