The BlackBerry Research and Intelligence Team has recently discovered a new variant of the BiBi-Windows Wiper malware. This variant expands its attack beyond Linux systems and targets a wider range of devices, including end-user machines and application servers [3] [4] [5] [6].


The BiBi-Windows Wiper malware is a destructive malware that overwrites data in the C:\Users directory with junk data and appends BiBi to the filename. It also deletes shadow copies [2] [3] [6], making file recovery impossible [3] [4] [5]. The Windows version of the wiper [1] [3] [4] [6], named bibi.exe [1], was compiled on October 21, 2023 [1] [3] [4] [6], two weeks after the start of the Israel-Hamas war [4] [6]. This malware has been used in real-world attacks by pro-Hamas hacktivists, specifically targeting Israeli organizations [7]. Security Joes [3], the firm that first documented the BiBi-Linux Wiper [3], believes that the malware is part of a larger campaign targeting Israeli companies [3] [4] [6]. They have identified similarities between the hacktivist group Karma and another actor known as Moses Staff [3], suspected to be of Iranian origin [3] [4] [6]. The distribution method of the malware is unknown [5], adding to its unpredictability [5].


This discovery highlights the urgent need for enhanced cybersecurity measures to protect against evolving and destructive cyber attacks [5]. The expansion of the BiBi-Windows Wiper malware to target a wider range of devices poses a significant threat to end-user machines and application servers. The specific targeting of Israeli organizations by pro-Hamas hacktivists raises concerns about the potential impact on national security. It is crucial for organizations to remain vigilant and implement robust security measures to mitigate the risks posed by this malware and similar cyber threats. Additionally, further investigation into the distribution method of the malware is necessary to better understand its origins and potential future implications.