peacenotwar
Source: Wikipedia, the free encyclopedia.
Malware
Common name | peacenotwar |
---|---|
Type | Brandon Nozaki Miller |
Written in | JavaScript |
peacenotwar is a piece of malware/Protestwarenode-ipc, a common JavaScript dependency.
Background
Between 7 March and 8 March 2022,
Impact
Because node-ipc
was a common software dependency, it compromised several other projects which relied upon it.[13]
Among the affected projects was Vue.js, which required node-ipc
as a dependency but didn't specify a version. Some users of Vue.js were affected if the dependency was fetched from specific packages. Unity Hub 3.1 was also affected, but a patch was issued on the same day as the release.[14][15]
See also
- Malware
- Hacktivism
- Reactions to the 2022 Russian invasion of Ukraine
- Anti-Russian sentiment
References
- ^ "Open source 'protestware' harms Open Source - Voices of Open Source". 24 March 2022.
- ^ Dan Goodin (18 March 2022). "Sabotage: Code added to popular NPM package wiped files in Russia and Belarus". Ars Technica.
- ^ "Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers". Vice News. 18 March 2022. Retrieved 18 March 2022.
- ^ Lucian Constantin (19 March 2022). "Developer sabotages own npm module prompting open-source supply chain security questions". Computer Security Online. Retrieved 16 March 2024.
- ^ Adam Bannister (21 March 2022). "NPM maintainer targets Russian users with data-wiping 'protestware'". The Daily Swig: Cybersecurity News and Views. Retrieved 16 March 2024.
- ^ "Embedded Malicious Code in node-ipc". GitHub. Retrieved 16 March 2024.
- ^ "CVE-2022-23812 Detail". National Vulnerability Database. Retrieved 16 March 2024.
- ^ Ax Sharma (17 March 2022). "BIG sabotage: Famous npm package deletes files to protest Ukraine war". Bleeping Computer. Retrieved 16 March 2024.
- ^ "CVE-2022-23812". GitHub. Retrieved 16 March 2024.
- ^ Proven, Liam (18 March 2022). "JavaScript library updated to wipe files from Russian computers". The Register. Situation Publishing. Archived from the original on 18 March 2022. Retrieved 18 March 2022.
- ^ "Alert: Peacenotwar module sabotages NPM developers in the node-ipc package to protest the invasion of Ukraine | Snyk". 16 March 2022.
- ^ "Open source maintainer pulls the plug on NPM packages colors and faker, now what? | Snyk". 9 January 2022.
- ^ "Node-ipc-dependencies-list". GitHub. 19 March 2022.
- ^ "BIG sabotage: Famous npm package deletes files to protest Ukraine war". Bleeping Computer. Retrieved 17 March 2022.
- ^ Tal, Liran (16 March 2022). "Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine". Snyk.