Peacenotwar (malware)
   HOME

TheInfoList



Click Here for Items Related To - Peacenotwar (malware)
OR:
Peacenotwar (malware) on:   [Wikipedia]   [Google]   [Amazon]

peacenotwar is a piece of malware/Protestware created by
Brandon Nozaki Miller Brandon Nozaki Miller, also known by the user name RIAEvangelist, is an American software developer and motorcyclist. Motorcycle career Miller is a pioneer in high-speed electric motorcycling. He began his riding career exclusively on electric mo ...
. In March 2022, it was added as a dependency in an update for node-ipc, a common
JavaScript JavaScript (), often abbreviated as JS, is a programming language that is one of the core technologies of the World Wide Web, alongside HTML and CSS. As of 2022, 98% of Website, websites use JavaScript on the Client (computing), client side ...
dependency.


Background

Between 7 March and 8 March 2022,
Brandon Nozaki Miller Brandon Nozaki Miller, also known by the user name RIAEvangelist, is an American software developer and motorcyclist. Motorcycle career Miller is a pioneer in high-speed electric motorcycling. He began his riding career exclusively on electric mo ...
, the maintainer of the node-ipc package on the npm package registry, released two updates containing malicious code targeting systems in Russia and Belarus (). A week later, Miller added the peacenotwar module as a dependency to node-ipc. The function of peacenotwar was to create a text file titled WITH-LOVE-FROM-AMERICA.txt on the desktop of affected machines, containing a message in protest of the
Russo-Ukrainian War The Russo-Ukrainian War; uk, російсько-українська війна, rosiisko-ukrainska viina. has been ongoing between Russia (alongside Russian separatist forces in Donbas, Russian separatists in Ukraine) and Ukraine since Feb ...
, and also imports a dependency on a package (nmp colors package) that would result in a
Denial of Service In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connect ...
(DoS) to any server using it.


Impact

Because node-ipc was a common software dependency, it compromised several other projects which relied upon it. Among the affected projects known was
Vue.js Vue.js (commonly referred to as Vue; pronounced "view") is an open-source model–view–viewmodel front end JavaScript framework for building user interfaces and single-page applications. It was created by Evan You, and is maintained by him ...
, which required node-ipc as a dependency but didn't specify a version. Some users of Vue.js become affected if the dependency was fetched from specific packages. Unity Hub 3.1 was also affected, but a patch was issued the same day as the release.


See also

*
Malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
*
Hacktivism In Internet activism, hacktivism, or hactivism (a portmanteau of ''hack'' and ''activism''), is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hack ...
*
Reactions to the 2022 Russian invasion of Ukraine On 24 February 2022, in a major escalation of the Russo-Ukrainian War that began in 2014. The invasion caused Europe's largest refugee crisis since World War II, with more than 6.4 million Ukrainians fleeing the country and a third of ...


References

{{2022 Russian invasion of Ukraine Internet-based activism 2022 in computing Reactions to the 2022 Russian invasion of Ukraine Malware