New BiBi-Linux Wiper Malware Targets Israeli Orgs in Destructive Attacks
A new wiper malware known as BiBi-Linux is being used to destroy data in attacks targeting Linux systems belonging to Israeli companies.
Security Joes' Incident Response team discovered the malicious payload while investigating the breach of an Israeli organization's network. Currently, only two security vendors' malware scanning engines detect BiBi-Linux as malicious, according to VirusTotal.
The malware reveals its true nature by not dropping a ransom note or giving victims any way to contact the attackers and negotiate payment for a decryptor, even though it mimics file encryption.
"This new threat does not establish communication with remote Command & Control (C2) servers for data exfiltration, employ reversible encryption algorithms, or leave ransom notes as a means to coerce victims into making payments," said Security Joes.
"Instead, it conducts file corruption by overwriting files with useless data, damaging both the data and the operating system."
The payload, an x64 ELF executable named bibi-linux.out found on the victim's systems, lets the attackers choose which folders to target via command-line parameters.
If no target path is supplied and the malware is run with root privileges, it attempts to delete the entire '/' root directory, completely wiping the compromised device's operating system.