A new wiper malware has been observed targeting Israeli organizations amid the armed conflict between Israel and Hamas.
Dubbed “BiBi-Linux,” the new data wiper was spotted by Security Joes’ Incident Response team while investigating the breach of an Israeli organization's network. The malware is an x64 ELF executable that has no obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if executed with root permissions.
“During execution, it produces extensive [terminal] output, which can be mitigated using the ‘nohup’ command. It also leverages multiple threads and a queue to corrupt files concurrently, enhancing its speed and reach,” the researchers said.
BiBi-Linux overwrites the files’ content with random data and then it renames them and adds an extension that includes the substring “BiBi” (Bibi is the nickname for Israeli Prime Minister Benjamin Netanyahu). It also excludes .out or .so file types.
The malware doesn’t use reversible encryption algorithms and does not establish command-and-control communication to exfiltrate data, indicating that the purpose of the malware is to destroy computer networks.
At present, BiBi-Linux received only two detections on VirusTotal, indicating that the malware is relatively new and not widely distributed yet.
Pro-Palestinian hacktivists have lately expanded their attacks to target not only Israeli entities but also countries considered to be Israeli allies, Check Point said in a new report.
“The United States, France, India, and more recently, Italy have seen a notable uptick in cyber activities against them. French digital infrastructure, for instance, experienced over 300 incidents, predominantly DDoS attacks and website defacements with minimal impact,” the company said.
