BiBi Malware Removal

by Brendan Smith
November 14, 2023

BiBi, a destructive wiper malware, targets both Linux and Windows systems, aiming to erase or damage data irreversibly. Affiliated with the Hamas terrorist group, BiBi selectively destroys files while avoiding critical extensions like .exe, .dll, and .sys.

It employs malvertising, email attachments, and malicious links for distribution, posing a significant threat to users’ data integrity and system functionality. The malware’s motivations align with ideological and political objectives, showcasing its destructive capabilities in disrupting targeted systems.

BiBi Malware Overview

BiBi is a type of malware categorized as a wiper, designed to cause irreversible damage to data on infected systems. It targets Linux and Windows users, with two variants tailored to different operating systems. The creation of BiBi is attributed to a hacker group with alleged ties to Hamas.

Detect results on VirusTotal

Name BiBi data wiper
Detection Ransom.Win64.Stealer.sa, DoS:Win32/WprBlightre.B!dha (Microsoft)
Damage Data loss
Similar Behavitor Trojan:BAT/SysWiper

Technicsl Analysis

BiBi, a wiper malware, is malicious software crafted explicitly to erase or damage data on infected systems irreversibly. Unlike other malware types that may focus on theft, surveillance, or financial gain, wiper malware, exemplified by BiBi, aims to cause severe disruption and destruction to targeted systems.

Its primary objective is to render data and often entire systems unusable, resulting in operational paralysis and data loss. BiBi employs various techniques to make data recovery challenging or impossible, such as overwriting critical files, modifying system configurations, or encrypting data beyond recovery.

The motivations behind wiper malware attacks vary widely, including ideological, political, or strategic objectives. In the case of BiBi, it appears to be utilized by hackers affiliated with the Hamas group. BiBi stands out for its selective destruction of files, excluding those with .exe, .dll, and .sys extensions crucial for proper computer functioning. These specific extensions are hardcoded in the malware, ensuring they are bypassed during the wiping process, allowing it to execute its intended destructive course.

During the wiping operation, targeted files transform and are filled with random bytes, making them unusable and irrecoverable. The malware extends its functionality to delete shadow copies within the system, posing a significant challenge for users attempting recovery unless they have an offline backup.

Spreading Methods

BiBi typically infiltrates computers through deceptive methods, such as email attachments or links containing malicious payloads. Users may unwittingly download and execute the malware when interacting with these elements. Additionally, malvertising, involving malicious code injection into online ads, can lead to malware infections if users click on compromised ads.

Frequently Asked Questions (FAQ)

My computer is infected with BiBi malware, should I format my storage device to get rid of it?
Reformatting your storage device should only be considered as a last resort for removing BiBi malware. Prior to taking such drastic action, it is advisable to perform a comprehensive scan using trustworthy antivirus or
What are the biggest issues that malware can cause?
Malware poses a significant risk to the security and privacy of sensitive information, potentially leading to identity theft, financial loss, and unauthorized access to personal accounts. Furthermore, it can disrupt the normal operation of a system, causing performance issues, system crashes, and data corruption.
What is the purpose of BiBi?
The purpose of BiBi is to enable remote access and control of compromised devices. It allows threat actors to perform various malicious activities, such as unauthorized access, data theft, system manipulation, and disabling security measures, potentially causing significant harm to individuals and organizations.
Will Gridinsoft Anti-Malware protect me from malware?
Nevertheless, it is crucial to recognize that sophisticated malware can remain hidden deep within the system. Consequently, conducting a complete system scan is imperative to detect and eradicate malware.

About the author

Brendan Smith

Cybersecurity analyst covering malware families, suspicious files, and detection alerts. Brendan focuses on clear explanations of what a warning means, when it may be a false positive, and which cleanup steps are appropriate.

View all posts

Leave a Comment