A wave of new cyberattacks by pro-Hamas hackers using the BiBi malware has been identified in Israel in recent days. The wave involves four new variants of the malware that are able to evade antivirus engines, according to the VirusTotal platform.
How does the BiBi malware work?
The malware moves through the files on the system and corrupts them; by the end of the process, the extension of every corrupted file has been changed to BiBi. In addition, the malware deletes all Shadow Copies, changes the boot policy of the victim’s system, and finally disables the automatic restoration options. Together, these techniques prevent the victim from performing a system restore and reduce the ability to recover files, information, and sensitive servers.
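The behaviours described above leave traces in host telemetry that a defender can check. The following is an added example (not from the original article or from Symantec) that flags them in process-creation and file-rename events; the exact command lines, the event fields, the host names and the rename threshold are assumptions, since the article names only the behaviours.

```python
import re
from collections import Counter

# Behaviours named in the article, mapped to the stock Windows utilities that perform
# them. The command lines are an assumption; the article names only the behaviours.
RECOVERY_PATTERNS = {
    "shadow_copy_deletion": re.compile(
        r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)\b", re.I),
    "boot_policy_change": re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\b", re.I),
    "auto_recovery_disabled": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}
RENAME_THRESHOLD = 3  # constructed value, sized for the sample data below

def triage(events):
    """Return {host: sorted finding names} from process and file-rename events."""
    findings, renames = {}, Counter()
    for ev in events:
        if ev["type"] == "process":
            for name, pattern in RECOVERY_PATTERNS.items():
                if pattern.search(ev["cmdline"]):
                    findings.setdefault(ev["host"], set()).add(name)
        elif ev["type"] == "rename" and ev["new"].lower().endswith(".bibi"):
            renames[ev["host"]] += 1
    for host, count in renames.items():
        if count >= RENAME_THRESHOLD:
            findings.setdefault(host, set()).add("mass_bibi_rename")
    return {host: sorted(names) for host, names in findings.items()}

def severity(names):
    """Mass renames plus recovery tampering is the wiper pattern; one signal needs review."""
    recovery = [n for n in names if n in RECOVERY_PATTERNS]
    if "mass_bibi_rename" in names and recovery:
        return "critical"
    return "high" if len(recovery) >= 2 else "review"

# Constructed telemetry (not real logs): HOST-A shows the full pattern,
# HOST-B is benign, HOST-C is an admin pruning one old shadow copy.
SAMPLE_EVENTS = [
    {"host": "HOST-A", "type": "process", "cmdline": "vssadmin.exe delete shadows /quiet /all"},
    {"host": "HOST-A", "type": "process", "cmdline": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"host": "HOST-A", "type": "process", "cmdline": "bcdedit /set {default} recoveryenabled no"},
    {"host": "HOST-A", "type": "rename", "new": r"C:\Users\u1\a.BiBi"},
    {"host": "HOST-A", "type": "rename", "new": r"C:\Users\u1\b.BiBi"},
    {"host": "HOST-A", "type": "rename", "new": r"C:\Users\u1\c.BiBi"},
    {"host": "HOST-B", "type": "process", "cmdline": "vssadmin list shadows"},
    {"host": "HOST-C", "type": "process", "cmdline": "vssadmin delete shadows /for=C: /oldest"},
]
if __name__ == "__main__":
    print({h: (severity(n), n) for h, n in triage(SAMPLE_EVENTS).items()})
```

A lone shadow-copy deletion, as on HOST-C, can be routine maintenance, which is why it is rated review rather than critical.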
It now appears that the hacker group is still active and continues to produce new versions of the malware. The latest discovery comes from Symantec.