As violence escalates between Israel and Palestinian militants, pro-Palestine hackers have launched new destructive cyberattacks on Israeli companies using an updated version of the well-known BiBi malware. Security researchers have identified four new versions of the data-wiping BiBi malware that, according to the VirusTotal threat intelligence platform, are able to bypass antivirus protections.
First observed in October 2023, coinciding with open Israel-Gaza warfare, the new BiBi malware is designed to corrupt systems beyond recovery. Unlike typical malware designed for data theft or manipulation, the BiBi malware’s primary objective is to obliterate and corrupt data irreversibly. Originating from pro-Palestine hackers, these attacks aimed to inflict maximum disruption by deleting and corrupting files and information without any ransom demands.
The malware overwrites file extensions with “.BiBi” and disables restore points and boot recovery options to ensure destroyed data cannot be retrieved. “Amid the ongoing clashes, the new malware discovered is aimed at Israeli organizations large and small, with the intention of destroying most of the information and content in the company’s infrastructure,” explains Idan Melichi, a security researcher at the Israeli cyber firm CyFox.
Researchers from ESET and SecurityJoes observed variants of the BiBi wiper malware in late October. According to their analysis, the malicious code was deployed by pro-Hamas hacktivist groups.
At present, the identities of the organizations victimized by the latest BiBi variants remain undisclosed, amplifying concerns across Israel’s cybersecurity landscape.