Malware researcher Jakub Kroustek from Avast has recently discovered an anti-Israel & pro-Palestinian data wiper dubbed IsraBye. Even if the lock screen claims that the files can be recovered, their content is replaced with an anti-Israel message.
The anti-Israel wiper was discovered concurrently the Al Aqsa crisis triggered by the decision of Israeli authorities to install metal detectors and other measures at the Al Aqsa mosque in Jerusalem. The measures were refused by Palestinians.
Researchers at Bleepingcomputer have published an interesting video on the IsraBye:
The wiper has a modular architecture composed of 5 different executables. The first executable is the launcher and wiper called IsraBye.exe. When executed IsraBye.exe silently begin to wipe all attached drives by replacing their contents with the following message:
Fuck-israel, [username] You Will never Recover your Files Until Israel disepeare
The wiper doesn’t encrypt the file, but destroy them and once completed the process, it extracts the files Cry.exe, Cur.exe, Lock.exe, and Index.exe from the IsraBye.exe executable and launches them.
The Cry.exe executable replaces the desktop’s wallpaper with an anti-Israel or pro-Palestinian image.
The Cur.exe attaches an image that included the message “End of Israel” to the mouse cursor.
The Lock.exe performs the following three functions:
The researcher Ido Naor noticed that creating a file called ClickMe.exe in the %Temp% folder it is possible to make IsraBye crashes when first starting.
The Index.exe executable displays the lock screen and extracts a wav file and play it.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – IsraBye, wiper)
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.