Pro-Hamas hackers target Israeli orgs with new BiBi-Linux wiper malware

Pro-Hamas hackers target Israeli orgs with new BiBi-Linux wiper malware

A new wiper malware has been observed targeting Israeli organizations amid the armed conflict between Israel and Hamas.

Dubbed “BiBi-Linux,” the new data wiper was spotted by Security Joes’ Incident Response team while investigating the breach of an Israeli organization's network. The malware is an x64 ELF executable that has no obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if executed with root permissions.

“During execution, it produces extensive [terminal] output, which can be mitigated using the ‘nohup’ command. It also leverages multiple threads and a queue to corrupt files concurrently, enhancing its speed and reach,” the researchers said.

BiBi-Linux overwrites the files’ content with random data and then it renames them and adds an extension that includes the substring “BiBi” (Bibi is the nickname for Israeli Prime Minister Benjamin Netanyahu). It also excludes .out or .so file types.

The malware doesn’t use reversible encryption algorithms and does not establish command-and-control communication to exfiltrate data, indicating that the purpose of the malware is to destroy computer networks.

At present, BiBi-Linux received only two detections on VirusTotal, indicating that the malware is relatively new and not widely distributed yet.

Pro-Palestinian hacktivists have lately expanded their attacks to target not only Israeli entities but also countries considered to be Israeli allies, Check Point said in a new report.

“The United States, France, India, and more recently, Italy have seen a notable uptick in cyber activities against them. French digital infrastructure, for instance, experienced over 300 incidents, predominantly DDoS attacks and website defacements with minimal impact,” the company said.


Back to the list

Latest Posts

FBI-wanted member of ransomware gang arrested in Ukraine, extradited to the US

FBI-wanted member of ransomware gang arrested in Ukraine, extradited to the US

Using custom-developed malware, including ransomware such as LockerGoga, MegaCortex, HIVE and Dharma, the hackers encrypted data on corporate networks.
18 June 2025
Russian crypto executive sentenced to prison in US for market manipulation scheme

Russian crypto executive sentenced to prison in US for market manipulation scheme

In a 2019 interview, Andriunin openly described building algorithms to carry out these fake trades.
18 June 2025
ClickFix technique widely used to deliver multi-stage malware campaigns

ClickFix technique widely used to deliver multi-stage malware campaigns

ClickFix tricks victims into copying and pasting malicious PowerShell that results in malware execution.
18 June 2025