peacenotwar (malware)

peacenotwar
Common name	peacenotwar
Type	Malware
Subtype	JavaScript Payload
Author(s)	Brandon Nozaki Miller
Written in	JavaScript

peacenotwar is a piece of malware created by Brandon Nozaki Miller. In March 2022, it was added as a dependency in an update for node-ipc, a common JavaScript dependency.

Background[edit]

Between 7 March and 8 March 2022, Brandon Nozaki Miller, the maintainer of the node-ipc package on the npm package registry, released two updates containing malicious code targeting systems in Russia and Belarus (CVE-2022-23812).^[1]^[2] A week later, Miller added the peacenotwar module as a dependency to node-ipc.^[3] The first function of peacenotwar was to create a text file titled WITH-LOVE-FROM-AMERICA.txt on the desktop of affected machines, containing a message in protest of the Russo-Ukrainian War. The second function was geolocating infected systems by IP address. If the infected machine's IP was identified as belonging to Russian or Belarusian users, all files on the system were overwritten with heart emojis.^[3]^[4]^[5]

Impact[edit]

Because node-ipc was a common software dependency, it compromised several other projects which relied upon it.^[6]

Among the affected projects known was Vue.js, which required node-ipc as a dependency but didn't specify a version. Some users of Vue.js become affected if the dependency was fetched from specific packages. Unity Hub 3.1 was also affected, but a patch was issued the same day as the release.^[7]^[5]

References[edit]

^ Juha Saarinen (17 March 2022). "'Protestware' npm package dependency labelled supply-chain attack". IT News. nextmedia.
^ "Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers". Vice News. Retrieved 18 March 2022.
^ ^a ^b Proven, Liam (18 March 2022). "JavaScript library updated to wipe files from Russian computers". The Register. Situation Publishing. Archived from the original on 18 March 2022. Retrieved 18 March 2022.
^ "CVE-2022-23812 Detail". National Vulnerability Database. NIST. Retrieved 17 March 2022.
^ ^a ^b Tal, Liran (16 March 2022). "Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine". Snyk.
^ "Node-ipc-dependencies-list". GitHub. 19 March 2022.
^ "BIG sabotage: Famous npm package deletes files to protest Ukraine war". Bleeping Computer. Retrieved 17 March 2022.

[1] Juha Saarinen (17 March 2022). "'Protestware' npm package dependency labelled supply-chain attack". IT News. nextmedia.

[2] "Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers". Vice News. Retrieved 18 March 2022.

[register-3] Proven, Liam (18 March 2022). "JavaScript library updated to wipe files from Russian computers". The Register. Situation Publishing. Archived from the original on 18 March 2022. Retrieved 18 March 2022.

[nvd-4] "CVE-2022-23812 Detail". National Vulnerability Database. NIST. Retrieved 17 March 2022.

[Snyk-5] Tal, Liran (16 March 2022). "Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine". Snyk.

[6] "Node-ipc-dependencies-list". GitHub. 19 March 2022.

[7] "BIG sabotage: Famous npm package deletes files to protest Ukraine war". Bleeping Computer. Retrieved 17 March 2022.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

peacenotwar (malware)

Background[edit]

Impact[edit]

References[edit]

Navigation menu

Search