U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Anti-Israel and pro-Palestinian IsraBye wiper spreads as a ransomware

Malware researchers discovered an anti-Israel & pro-Palestinian data wiper dubbed IsraBye that is spreading as a ransomware. Malware researcher Jakub Kroustek from Avast has recently discovered an anti-Israel & pro-Palestinian data wiper dubbed IsraBye. Even if the lock screen claims that the files can be recovered, their content is replaced with an anti-Israel message. This is […]

IsraBy wallpaper (Source Bleepingcomputer)

Malware researchers discovered an anti-Israel & pro-Palestinian data wiper dubbed IsraBye that is spreading as a ransomware.

Malware researcher Jakub Kroustek from Avast has recently discovered an anti-Israel & pro-Palestinian data wiper dubbed IsraBye. Even if the lock screen claims that the files can be recovered, their content is replaced with an anti-Israel message.

The anti-Israel wiper was discovered concurrently the Al Aqsa crisis triggered by the decision of Israeli authorities to install metal detectors and other measures at the Al Aqsa mosque in Jerusalem. The measures were refused by Palestinians.

Researchers at Bleepingcomputer have published an interesting video on the IsraBye:

The wiper has a modular architecture composed of 5 different executables. The first executable is the launcher and wiper called IsraBye.exe. When executed IsraBye.exe silently begin to wipe all attached drives by replacing their contents with the following message:

Fuck-israel, [username] You Will never Recover your Files Until Israel disepeare

The wiper doesn’t encrypt the file, but destroy them and once completed the process, it extracts the files Cry.exe, Cur.exe, Lock.exe, and Index.exe from the IsraBye.exe executable and launches them.

The Cry.exe executable replaces the desktop’s wallpaper with an anti-Israel or pro-Palestinian image.

IsraBye wallpaper (Source Bleepingcomputer)

IsraBye wallpaper (Source Bleepingcomputer)

The Cur.exe attaches an image that included the message “End of Israel” to the mouse cursor.

The Lock.exe performs the following three functions:

  • it will look for the procexp64, ProcessHacker, taskmgr, procexp, xns5  processes in order to terminate them.
  • it will launch Index.exe if it is not already running.
  • it will copy the main Israbye.exe file to the root of other drives as a file called ClickMe.exe in order to spread the malware.

The researcher Ido Naor noticed that creating a file called ClickMe.exe in the %Temp% folder it is possible to make IsraBye crashes when first starting.

The Index.exe executable displays the lock screen and extracts a wav file and play it.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – IsraBye, wiper)

[adrotate banner=”13″]