BiBi Wiper Malware Rampage: Iranian Hackers’ New Data Destruction Frenzy

BiBi Wiper malware’s latest prank? Zapping disk partitions to turn data recovery into a wild goose chase. Thanks, Void Manticore, for the extended downtime and not-so-funny ‘delete your partition’ punchline.

Hot Take:

Grab your digital brooms, folks! The BiBi Wiper’s new dance move involves wiping disk partitions with such flair, even data recovery tools are left standing in awe. Linked to the cyber-specter ‘Void Manticore,’ Iran’s alleged digital boogeyman, this malware has gone from spooky story to nightmarish reality for victims in Israel and Albania. With a malware menagerie that includes Cl Wiper and Partition Wiper, it seems like Void Manticore is throwing a malware masquerade, and everyone’s invited—except for your data, that is.

Key Points:

  • BiBi Wiper malware evolves to delete disk partition tables, effectively turning data restoration into a digital game of “Operation”.
  • Void Manticore, possibly backed by Iran’s MOIS, is playing cyber puppeteer with both BiBi Wiper and its sister malware, Cl and Partition Wipers.
  • Security Joes and Israel’s CERT dropped the cybersecurity equivalent of a mixtape with alerts and reports on these cyber shenanigans.
  • These cybercriminals are catfishing the world with fake hacktivist personas on Telegram, because nothing says ‘covert ops’ like social media bragging rights.
  • Void Manticore wields an arsenal of digital destructo-tools, including web shells, manual deletion tools, and even credential verification gadgets.
Cve id: CVE-2019-0604
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 03/06/2019
Cve description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

Need to know more?


Looks like Void Manticore's been busy crafting its digital cosplay, masquerading behind the 'Karma' hacktivist group. They're the digital equivalent of the annoying neighborhood kid who rings your doorbell and runs away—except they leave your data in shambles. With over 40 Israeli organizations already in their "pranked" list, these cyber pranksters are the type that steal your lunch money and post the evidence on Telegram. And let's not forget 'Homeland Justice', the Albanian alter-ego of this cyber charade, leaking stolen files like a sieve.


Just when you thought your digital toolbox was cool, Void Manticore comes in with the ultimate Swiss Army knife of destruction. They start with the Karma Shell, a web shell that's more incognito than a chameleon in a Skittles bag. Then they roll out the new and unimproved BiBi Wiper variants, which now come in both Linux and Windows flavors, like a twisted digital ice cream truck. They even have the audacity to skip over critical system files, so your computer can boot up just to tell you all your data is gone—how courteous of them. And in the realm of overkill, they've introduced Partition Wipers that hit your system's partition table harder than a toddler banging on a piñata.

So, if you're keeping score in this game of cyber whack-a-mole, it's Void Manticore: 1, Digital Peace of Mind: 0. And if you were wondering whether your blue screen of death comes with a side of data loss, these wipers ensure that it does. It's like they're trying to win a high score in a game where everyone else is definitely losing.

And there you have it, dear netizens, the lowdown on the BiBi Wiper's latest shenanigans. If you thought data security was just a walk in the digital park, think again. It's more like a park where the squirrels are hackers and the acorns are full of malware. Stay safe out there!

Tags: BiBi Wiper Malware, Cyber Espionage, Data-Wiping Attacks, hacktivist groups, Iranian Threat Group, Middle Eastern Cyber Conflict, Void Manticore