Home Cyber Security Professional-Hamas Hacktivists Concentrating on Israeli Entities with Wiper Malware

Professional-Hamas Hacktivists Concentrating on Israeli Entities with Wiper Malware

Professional-Hamas Hacktivists Concentrating on Israeli Entities with Wiper Malware


Oct 30, 2023NewsroomCyber Warfare / Malware

Wiper Malware

A professional-Hamas hacktivist group has been noticed utilizing a brand new Linux-based wiper malware dubbed BiBi-Linux Wiper, concentrating on Israeli entities amidst the continuing Israeli-Hamas conflict.

“This malware is an x64 ELF executable, missing obfuscation or protecting measures,” Safety Joes mentioned in a brand new report revealed right now. “It permits attackers to specify goal folders and might probably destroy a whole working system if run with root permissions.”

A few of its different capabilities embody multithreading to deprave information concurrently to reinforce its velocity and attain, overwriting information, renaming them with an extension containing the hard-coded string “BiBi” (within the format “[RANDOM_NAME].BiBi[NUMBER]”), and excluding sure file sorts from being corrupted.


“Whereas the string “bibi” (within the filename), might seem random, it holds important that means when combined with subjects akin to politics within the Center East, as it’s a widespread nickname used for the Israeli Prime Minister, Benjamin Netanyahu,” the cybersecurity firm added.

The harmful malware, coded in C/C++ and carrying a file measurement of 1.2 MB, permits the menace actor to specify goal folders by way of command-line parameters, by default choosing the foundation listing (“https://thehackernews.com/”) if no path is supplied. Nevertheless, performing the motion at this degree requires root permissions.

One other notable side of BiBi-Linux Wiper is its use of the nohup command throughout execution in order to run it unimpeded within the background. Among the file sorts which can be skipped from being overwritten are these with the extensions .out or .so.

“It’s because the menace depends on information akin to bibi-linux.out and nohup.out for its operation, together with shared libraries important to the Unix/Linux OS (.so information),” the corporate mentioned.

The event comes as Sekoia revealed that the suspected Hamas-affiliated menace actor generally known as Arid Viper (aka APT-C-23, Desert Falcon, Gaza Cyber Gang, and Molerats) is probably going organized as two sub-groups, with every cluster targeted on cyber espionage actions towards Israel and Palestine, respectively.

“Concentrating on people is a typical apply of Arid Viper,” SentinelOne researchers Tom Hegel and Aleksandar Milenkoski mentioned in an evaluation launched final week.


“This contains pre-selected Palestinian and Israeli high-profile targets in addition to broader teams, sometimes from important sectors akin to protection and authorities organizations, regulation enforcement, and political events or actions.”

Assault chains orchestrated by the group embody social engineering and phishing assaults as preliminary intrusion vectors to deploy a broad number of customized malware to spy on its victims. This includes Micropsia, PyMicropsia, Arid Gopher, and BarbWire, and a brand new undocumented backdoor referred to as Rusty Viper that is written in Rust.

“Collectively, Arid Viper’s arsenal gives numerous spying capabilities akin to recording audio with the microphone, detecting inserted flash drives and exfiltrating information from them, and stealing saved browser credentials, to call just some,” ESET famous earlier this month.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we publish.



Please enter your comment!
Please enter your name here