The BiBi-Linux Wiper, or BiBi malware, is a new computer virus threatening users of the Linux operating system. Security Joes, a cybersecurity firm, says the malware simply “wipes” Linux devices and is obviously named for Israel’s Prime Minister Benjamin Netanyahu whose famous nickname is “Bibi.”
Security Joes Incident Response team volunteered to assist Israeli companies during the Iron Swords War in Gaza against Hamas. During a forensics investigation, the firm found what it says appears to be a new Linux Wiper malware.
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at [email protected].
Thank you.
Security Joes is a multi-layered incident response company strategically located in nine different time-zones worldwide, providing a follow-the-sun MDR & IR coverage to respond to any incident remotely.
Security Joes Incident Response team voluntarily conducted a forensic investigation within victim networks of Israeli companies. A “hacktivist” group affiliated with the terrorist organization Hamas broke into Israeli companies and deployed a new cyber weapon to destroy their respective infrastructures. Notably, they decided to hardcode the name of the Israeli Prime Minister in the malware name and in every destroyed file’s extension.
The firm explained that this attack had no ransom note or C2 servers which increased its confidence that the malware tracked as BiBi-Linux is indeed a Wiper aimed for data destruction alone and is not a form of ransomware.
In other words, it is a form of cyber terrorism.
This new threat, said Security Joes, does not establish communication with remote Command & Control (C2) servers for data exfiltration, employ reversible encryption algorithms, or leave ransom notes as a means to coerce victims into making payments. Instead, it conducts file corruption by overwriting files with useless data, damaging both the data and the operating system. This category of destructive software is commonly referred to as a “Wiper” and is not a recent phenomenon.
The malicious file discovered on each of the compromised machines was named bibi-linux.out.
