Windows Variant of BiBi Wiper Signals Escalation in Cyber Attacks

Cybersecurity researchers have issued a warning about the appearance of a Windows version of a destructive malware, known as the BiBi Wiper, which was previously identified targeting Linux systems during cyber attacks with a focus on Israel.

Referred to as the “BiBi-Windows Wiper,” this malicious software represents the Windows counterpart to its Linux counterpart, the BiBi-Linux Wiper. The latter had been deployed by a pro-Hamas hacktivist group following the Israel-Hamas war last month.

BlackBerry, the Canadian cybersecurity company, highlighted that the presence of the Windows variant signifies a concerning development in the malware’s evolution. It suggests that the threat actors responsible for its creation are broadening their capabilities, expanding their attacks to encompass both end-user machines and application servers.

Slovak cybersecurity firm, which has been actively tracking the group behind this threat, has dubbed them “BiBiGun.” They identified the Windows version of the wiper (bibi.exe), compiled on October 21, 2023, two weeks after the outbreak of the conflict. However, the precise method of distribution remains unknown.

The BiBi-Windows Wiper demonstrates its malevolence by systematically overwriting data within the C:\Users directory with random, irrecoverable information, appending the file names with a .BiBi extension. Furthermore, it erases shadow copies, a technique that effectively blocks any attempts by victims to restore their lost files.

One notable similarity shared with its Linux counterpart is its multithreading capability. To maximize its destructive potential, the malware runs an impressive twelve threads on eight processor cores simultaneously.

It is unclear whether the wiper has already been deployed in actual cyberattacks or who the intended targets might be. Security Joes, the firm that initially documented the BiBi-Linux Wiper, revealed that this malware is part of a broader camp