BiBi Wiper Attacking Windows Machine to Cause Data Destruction

The ongoing conflict between Israel and Hamas has taken a new turn as cyberattacks have become a prominent weapon for both sides.

A new wiper malware, dubbed the BiBi-Linux Wiper, has been discovered by an Israeli security firm, targeting Linux systems and causing irreversible data loss. 

The malware is believed to be deployed by pro-Hamas hackers, who have also developed a Windows variant of the same malware.

The BiBi-Linux Wiper was first detected by SecurityJoes, an Israeli incident response company, who found it on several compromised Linux servers belonging to Israeli organizations. 

The malware is named after Israeli Prime Minister Benjamin Netanyahu’s nickname, “Bibi,” which is appended to the destroyed files. 

The malware has no ransom demand or communication with any command-and-control servers, indicating that its sole purpose is to cause chaos and damage.

Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

The Motive Behind the BiBi-Linux Wiper

According to SecurityJoes, the BiBi-Linux Wiper is likely to be the work of a hacktivist group affiliated with Hamas, the Palestinian militant organization that controls the Gaza Strip. 

The cyberattacks are part of the broader conflict that erupted on October 7, 2023, when Hamas launched a surprise rocket attack on Israel, killing 12 civilians and injuring dozens more. 

Israel responded with airstrikes and ground operations, resulting in hundreds of casualties on both sides.

The cyber warfare has also escalated as BlackBerry’s Research and Intelligence Team has identified a Windows version of the BiBi-Linux Wiper, called the BiBi-Windows Wiper. 

This malware targets Windows machines, including end-user devices and application servers, and employs a sophisticated mechanism to wipe out files while avoiding essential ones for system operation. 

                 BiBi’s console output

It also deletes shadow copies and disables recovery features, making file restoration difficult.

The Development and Distribution of the BiBi-Windows Wiper

The BiBi-Windows Wiper was compiled on October 21, 2023, just two weeks after the initial terror attack, suggesting a rapid development and deployment by the pro-Hamas hackers. 

The malware operates as a portable executable x64 Windows, which can be easily distributed and executed on various systems.

The emergence of wiper malware, designed for destruction rather than financial gain, marks a concerning trend in cyber warfare tied to geopolitical events.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.