peacenotwar

| Field | Value |
|---|---|
| Type | Malware |
| Subtype | JavaScript Payload |
| Authors | Brandon Nozaki Miller |
| Written in | JavaScript |
peacenotwar is a piece of malware, which has been characterized as protestware,[1] created by Brandon Nozaki Miller. In March 2022, it was added as a dependency in an update for node-ipc, a common JavaScript dependency.
Background
Between 7 March and 8 March 2022, Brandon Nozaki Miller, the maintainer of the node-ipc package on the npm package registry, released two updates containing malicious code targeting systems in Russia and Belarus (CVE-2022-23812). This code recursively overwrites all files on the user's system drive with heart emojis.[2][3][4][5][6][7][8][9] A week later, Miller added the peacenotwar module as a dependency to node-ipc.[10] The function of peacenotwar was to create a text file titled WITH-LOVE-FROM-AMERICA.txt on the desktop of affected machines, containing a message in protest of the Russo-Ukrainian War; it also imports a dependency on a package (npm colors package) that would result in a Denial of Service (DoS) to any server using it.[11][12]
Impact
Because node-ipc was a common software dependency, it compromised several other projects which relied upon it.[13]
Among the affected projects was Vue.js, which required node-ipc as a dependency but didn't specify a version. Some users of Vue.js were affected if the dependency was fetched from specific packages. Unity Hub 3.1 was also affected, but a patch was issued on the same day as the release.[14][15]
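The exposure described above (a project requiring node-ipc without fixing a version) can be checked from a project's lockfile. The following is an added example, not code from node-ipc, Vue.js or any cited source: it walks the `packages` map of an npm package-lock.json (lockfileVersion 2 or 3) and reports where node-ipc or peacenotwar is installed and which packages request them with a non-exact version spec. The `demo-app` and `example-cli` packages and all version numbers are constructed placeholders.

```javascript
// Added example. Package names come from the article; versions and the
// "example-cli" / "demo-app" packages below are constructed placeholders.
const WATCHLIST = new Set(["node-ipc", "peacenotwar"]);

// A spec is an exact pin only if it is one concrete version (no ^, ~, *, ranges).
function isExactPin(spec) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(String(spec).trim());
}

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; "" (root) -> "".
function nameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? "" : path.slice(idx + marker.length);
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (WATCHLIST.has(name)) {
      findings.push({ kind: "installed", name, version: entry.version, path });
    }
    const deps = { ...entry.dependencies, ...entry.optionalDependencies };
    for (const [dep, spec] of Object.entries(deps)) {
      if (WATCHLIST.has(dep) && !isExactPin(spec)) {
        findings.push({ kind: "floating", name: dep, spec, requiredBy: name || "(root)" });
      }
    }
  }
  return findings;
}

// Constructed lockfile fragment: a tool depends on node-ipc without a fixed version.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "example-cli": "1.0.0" } },
    "node_modules/example-cli": { version: "1.0.0", dependencies: { "node-ipc": "*" } },
    "node_modules/node-ipc": { version: "0.0.1", dependencies: { peacenotwar: "*" } },
    "node_modules/peacenotwar": { version: "0.0.1", dependencies: { colors: "*" } },
    "node_modules/colors": { version: "0.0.1" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(JSON.stringify(f));
```

An "installed" finding shows what is actually in the dependency tree; a "floating" finding marks a requirement that a fresh resolution could satisfy with a newer release than the one currently locked.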
References
1. "Open source 'protestware' harms Open Source - Voices of Open Source". 24 March 2022. Archived from the original on 11 January 2024. Retrieved 9 June 2024.
2. Dan Goodin (18 March 2022). "Sabotage: Code added to popular NPM package wiped files in Russia and Belarus". Ars Technica. Archived from the original on 31 December 2023. Retrieved 9 June 2024.
3. "Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers". Vice News. 18 March 2022. Archived from the original on 18 March 2022. Retrieved 18 March 2022.
4. Lucian Constantin (19 March 2022). "Developer sabotages own npm module prompting open-source supply chain security questions". Computer Security Online. Retrieved 16 March 2024.
5. Adam Bannister (21 March 2022). "NPM maintainer targets Russian users with data-wiping 'protestware'". The Daily Swig: Cybersecurity News and Views. Archived from the original on 16 March 2024. Retrieved 16 March 2024.
6. "Embedded Malicious Code in node-ipc". GitHub. Retrieved 16 March 2024.
7. "CVE-2022-23812 Detail". National Vulnerability Database. Retrieved 16 March 2024.
8. Ax Sharma (17 March 2022). "BIG sabotage: Famous npm package deletes files to protest Ukraine war". Bleeping Computer. Archived from the original on 17 March 2022. Retrieved 16 March 2024.
9. "CVE-2022-23812". GitHub. Archived from the original on 16 March 2024. Retrieved 16 March 2024.
10. Proven, Liam (18 March 2022). "JavaScript library updated to wipe files from Russian computers". The Register. Situation Publishing. Archived from the original on 18 March 2022. Retrieved 18 March 2022.
11. "Alert: Peacenotwar module sabotages NPM developers in the node-ipc package to protest the invasion of Ukraine | Snyk". 16 March 2022. Archived from the original on 9 April 2022. Retrieved 18 March 2022.
12. "Open source maintainer pulls the plug on NPM packages colors and faker, now what? | Snyk". 9 January 2022.
13. "Node-ipc-dependencies-list". GitHub. 19 March 2022. Archived from the original on 16 April 2022. Retrieved 18 March 2022.
14. "BIG sabotage: Famous npm package deletes files to protest Ukraine war". Bleeping Computer. Archived from the original on 17 March 2022. Retrieved 17 March 2022.
15. Tal, Liran (16 March 2022). "Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine". Snyk. Archived from the original on 9 April 2022. Retrieved 18 March 2022.