August 09, 2017

Researchers at an Israeli cyber security firm Intezer have discovered a wiper malware “israbye” targeting unsuspecting users and spreading anti-Israeli content over the Internet. The malware comes with ransomware capabilities, well kind of.

When a ransomware infection hits devices it provides users with an option of paying ransom to get their files back. Just like what happened in Wannacry ransomware attack but in this case, the malware locks files, spreads anti-Israeli content and infects systems in such a way that its data can’t be restored.

The malware works in a way that upon infecting a targeted device, it replaces the file’s content with messages in broken English and Hebrew language. In a conversation with Israeli news site Haaretz, Ari Eitan, director of research at Intezer said that: “It’s not exactly encryption. It simply totally changes the files’ content.”

The message in English according to researchers is “Fuck Israel, (username of the victim) You will never recover your files until Israel “disepeare.” While the message in Hebrew says that victim will only get their data back when “we can restore our victims, our souls, our freedom; when we heal Palestine and can recover Al-Aqsa.”

Here is a full preview of the page displayed once the malware takes over an infected device:

anti israeli wiper malware infects devices that data cant be restored

Furthermore, Ido Naor, a security researcher at Kaspersky Labs noted that upon infecting, the malware changes the desktop of a targeted device and also with some of the files present in the Downloads directories. However, Noar also found that by typing an empty “ClickMe.exe” command it can kill the process of this malware.


Another thing noted by researchers is that the malware came out around two weeks ago; the same time when Israeli military and Palestinian worshipers boycotted al-Aqsa mosque compound to protest against Israeli government’s decision to install metal detectors at the site.

At the moment it is unclear who is the developer of this malware. But, based on the content and message in broken languages it can be assumed that whoever has developed the malware is new to the game.

Those interested in knowing more about the malware can contact the researchers Ari Eitan and IdoNaor on Twitter while its samples are available on VirusTotal, a Google owned platform that analyzes files and URLs enabling the identification of viruses, worms, Trojans and other kinds of malicious content detected by antivirus engines and website scanners.


Remember, in the past, Hizbullah and Gaza hackers conducted highly sophisticated malware attacks on Israeli citizens and military by using fake apps and images of IDF’s female soldiers. One of the hackers was also caught hacking Israeli drones while another group was found hacking security cameras in the country to keep an eye on government officials.

News Courtesy