A wave of new cyberattacks from pro-Hamas hackers using the BiBi malware has been identified in Israel in recent days. This involves four new variants of malware that are able to evade antivirus engines, according to the VirusTotal platform.
The BiBi malware is a wiper-type malware designed to erase and corrupt data. Unlike other types of malware, whose purpose is to steal or manipulate data, wiper-type malwares are specifically created to cause damage, making it very difficult to recover data affected by the attack.
The BiBi malware was developed by a hacker group associated with Hamas at the start of the war in October. The attacks focused on Israeli companies with the aim of causing as much damage as possible by deleting and corrupting file and information data and disrupting the operating systems without any request for ransom.
How does the BiBi malware work?
The operation of the malware involves moving between files in the system and corrupting them, so that at the end of the process, in each file corrupted by the malware, the file extension becomes BiBi. In addition, the malware deletes all Shadow Copies, changes the boot policy of the victim's system, and finally disables options for automatic restoration. These techniques used by the attackers prevent the victim from performing system restores and reduce the ability to restore files, information, and sensitive servers.
It now appears that the hacker group is still active and continues to generate new versions of the malware. The latest discovery is signed by the company Symantec.
According to Idan Malichi, a security researcher at the cyber company CyFox which specializes in providing AI-based information security solutions, "Amid the ongoing war, the new malware discovered is aimed at Israeli organizations large and small, with the intention of destroying most of the information and content in the company's infrastructure."
Currently, he says, the names of organizations attacked by the new variants of BiBi Wiper have not been revealed yet.