A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amid the ongoing Israel-Hamas war.
“This malware is an x64 ELF executable, lacking obfuscation or protective measures,” Security Joes said in a new report published today. “It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions.”
Some of its other capabilities include multithreading to corrupt files concurrently to increase its speed and reach, overwriting files, renaming them with an extension containing the hard-coded string “BiBi” (in the format “[RANDOM_NAME].BiBi[NUMBER]”), and excluding certain file types from being corrupted.
“While the string “bibi” (in the filename) might appear random, it holds significant meaning when mixed with topics such as politics in the Middle East, as it is a common nickname used for the Israeli Prime Minister, Benjamin Netanyahu,” the cybersecurity company added.
The destructive malware, coded in C/C++ and carrying a file size of 1.2 MB, allows the threat actor to specify target folders via command-line parameters, by default opting for the root directory (“/”) if no path is provided. However, performing the action at this level requires root permissions.
Another noteworthy aspect of BiBi-Linux Wiper is its use of the nohup command during execution so as to run it unimpeded in the background. Some of the file types that are skipped from being overwritten are those with the extensions .out or .so.
“This is because the threat relies on files such as bibi-linux.out and nohup.out for its operation, along with shared libraries essential to the Unix/Linux OS (.so files),” the company said.
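The renaming behaviour described above gives incident responders a cheap, filesystem-level indicator to sweep for. The following is an added example written for this article, not code from Security Joes or from the malware: it walks a directory tree, flags files whose name matches the reported “[RANDOM_NAME].BiBi[NUMBER]” pattern, tallies hits per directory to gauge the blast radius, and separately lists the .out and .so files the report says are spared. The regular expression, the case-sensitivity of “BiBi”, and the sample directory layout are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile
from collections import Counter

# Assumed regex for the renaming pattern the report describes,
# "[RANDOM_NAME].BiBi[NUMBER]"; the exact name/number lengths are not
# documented on the page, so any non-empty stem and any digit run match.
BIBI_RENAME_RE = re.compile(r"^(?P<stem>[^/\\]+)\.BiBi(?P<num>\d+)$")


def is_bibi_renamed(filename: str) -> bool:
    """Return True if the bare filename carries the .BiBi<N> extension."""
    return BIBI_RENAME_RE.match(os.path.basename(filename)) is not None


def scan_tree(root: str) -> dict:
    """Walk `root` and summarise evidence of the wiper's renaming pass.

    Returns the sorted list of renamed files, a per-directory hit count
    (useful for estimating how far the wiper got), and the .out/.so files
    that the report says the wiper leaves untouched.
    """
    matches = []
    per_dir = Counter()
    spared = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_bibi_renamed(name):
                matches.append(path)
                per_dir[dirpath] += 1
            elif name.endswith((".out", ".so")):
                spared.append(path)
    return {
        "matches": sorted(matches),
        "per_dir": dict(per_dir),
        "spared": sorted(spared),
    }


def build_sample_tree() -> str:
    """Create a constructed directory layout mimicking the aftermath
    described in the report (sample data only, not a real capture)."""
    root = tempfile.mkdtemp(prefix="bibi_sample_")
    layout = {
        "docs/report.BiBi1": b"\x00" * 16,   # overwritten and renamed
        "docs/notes.BiBi2": b"\x00" * 16,    # overwritten and renamed
        "lib/libc.so": b"ELF",               # spared: shared library
        "bibi-linux.out": b"ELF",            # spared: .out extension
        "docs/readme.txt": b"hello",         # untouched ordinary file
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    result = scan_tree(sample_root)
    print(f"{len(result['matches'])} renamed files found under {sample_root}")
    for directory, count in result["per_dir"].items():
        print(f"  {directory}: {count}")
    print(f"{len(result['spared'])} .out/.so files left in place")
```

On a real host this would be run read-only over the suspected directories; the per-directory counts help decide which volumes to image first, and the presence of untouched .out/.so files alongside renamed neighbours is consistent with the exclusion list the report describes.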
The development comes as Sekoia revealed that the suspected Hamas-affiliated threat actor known as Arid Viper (aka APT-C-23, Desert Falcon, Gaza Cyber Gang, and Molerats) is likely organized as two sub-groups, with each cluster focused on cyber espionage activities against Israel and Palestine, respectively.
“Targeting individuals is a common practice of Arid Viper,” SentinelOne researchers Tom Hegel and Aleksandar Milenkoski said in an analysis published last week.
“This includes pre-selected Palestinian and Israeli high-profile targets as well as broader groups, typically from critical sectors such as defense and government organizations, law enforcement, and political parties or movements.”
Attack chains orchestrated by the group use social engineering and phishing attacks as initial intrusion vectors to deploy a wide range of custom malware to spy on its victims. This comprises Micropsia, PyMicropsia, Arid Gopher, and BarbWire, and a new undocumented backdoor known as Rusty Viper that is written in Rust.
“Collectively, Arid Viper’s arsenal provides various spying capabilities such as recording audio with the microphone, detecting inserted flash drives and exfiltrating files from them, and stealing saved browser credentials, to name just a few,” ESET noted earlier this month.