BLUERABBIT Backdoor Targets Windows Systems with Encryption and Wiping Capabilities
The BLUERABBIT backdoor, a Golang-based malware, has been identified targeting Windows systems since March 2026. It combines data theft, file encryption, and destructive disk wiping, primarily affecting Israeli entities. The malware is believed to be linked to Iranian threat actors. BLUERABBIT encrypts files with a .candy extension and exfiltrates data to cloud storage controlled by attackers. The attack vector includes remote access and system profiling. Organizations are urged to strengthen their defenses against this sophisticated threat. Investigations are ongoing, and awareness among cybersecurity professionals is heightened.
Key Points:
• BLUERABBIT backdoor targets Windows systems with encryption and disk wiping.
• The malware is linked to Iranian threat actors and primarily affects Israeli organizations.
• First observed in March 2026, BLUERABBIT employs a full-spectrum intrusion framework.