Peacenotwar

peacenotwar
Type: Malware
Subtype: JavaScript Payload
Authors: Brandon Nozaki Miller
Technical details
Written in: JavaScript

peacenotwar is a piece of malware, characterized as protestware,[1] created by Brandon Nozaki Miller. In March 2022, it was added as a dependency in an update for node-ipc, a common JavaScript dependency.

Background

Between 7 March and 8 March 2022, Brandon Nozaki Miller, the maintainer of the node-ipc package on the npm package registry, released two updates containing malicious code targeting systems in Russia and Belarus (CVE-2022-23812). This code recursively overwrites all files on the user's system drive with heart emojis.[2][3][4][5][6][7][8][9] A week later, Miller added the peacenotwar module as a dependency to node-ipc.[10] The function of peacenotwar was to create a text file titled WITH-LOVE-FROM-AMERICA.txt on the desktop of affected machines, containing a message in protest of the Russo-Ukrainian War; it also imports a dependency on the npm colors package, which would result in a denial of service (DoS) to any server using it.[11][12]

Impact

Because node-ipc was a common software dependency, it compromised several other projects which relied upon it. [13]

Among the affected projects was Vue.js, which required node-ipc as a dependency but didn't specify a version. Some users of Vue.js were affected if the dependency was fetched from specific packages. Unity Hub 3.1 was also affected, but a patch was issued on the same day as the release. [14] [15]
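The exposure described above, a project pulling in node-ipc through an unpinned dependency, can be checked from a project's lockfile. The following is an added example, not code from the article or from any of the projects it names: it walks the `packages` map of an npm `package-lock.json` and reports installed copies of node-ipc or peacenotwar and every package that depends on them. The sample lockfile is constructed, `example-app` and `example-cli` are hypothetical names, and all version numbers are placeholders.

```javascript
// Constructed sample in the npm lockfileVersion 2/3 "packages" layout.
// "example-app" and "example-cli" are hypothetical; versions are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "example-cli": "1.0.0", "node-ipc": "*" } },
    "node_modules/example-cli": { version: "1.0.0", dependencies: { "node-ipc": "latest" } },
    "node_modules/node-ipc": { version: "0.0.0-placeholder", dependencies: { peacenotwar: "^0.0.0" } },
    "node_modules/peacenotwar": { version: "0.0.0-placeholder" },
  },
};

// Package names taken from the article.
const WATCHED = new Set(["node-ipc", "peacenotwar"]);

// A range floats when a fresh install may resolve to a release published
// after the manifest was written; only an exact x.y.z version does not.
function isFloating(range) {
  return !/^=?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(String(range).trim());
}

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; root ("") -> "".
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? "" : path.slice(i + marker.length);
}

// Report every installed copy of a watched package and every package that
// declares a dependency on one, noting whether the declared range floats.
function auditLock(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(path) || entry.name || "(root)";
    if (WATCHED.has(name)) {
      findings.push({ kind: "installed", name, version: entry.version, path });
    }
    const deps = { ...entry.dependencies, ...entry.optionalDependencies };
    for (const [dep, range] of Object.entries(deps)) {
      if (WATCHED.has(dep)) {
        findings.push({ kind: "requires", by: name, dep, range, floating: isFloating(range) });
      }
    }
  }
  return findings;
}

for (const f of auditLock(sampleLock)) console.log(JSON.stringify(f));
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `auditLock`. A `requires` finding with `floating: true` marks a dependent that accepts whatever release the registry serves at install time, which is the condition the paragraph above describes.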

References

  1. "Open source 'protestware' harms Open Source - Voices of Open Source". 24 March 2022. Archived from the original on 11 January 2024. Retrieved 9 June 2024.
  2. Dan Goodin (18 March 2022). "Sabotage: Code added to popular NPM package wiped files in Russia and Belarus". Ars Technica. Archived from the original on 31 December 2023. Retrieved 9 June 2024.
  3. "Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers". Vice News. 18 March 2022. Archived from the original on 18 March 2022. Retrieved 18 March 2022.
  4. Lucian Constantin (19 March 2022). "Developer sabotages own npm module prompting open-source supply chain security questions". Computer Security Online. Retrieved 16 March 2024.
  5. Adam Bannister (21 March 2022). "NPM maintainer targets Russian users with data-wiping 'protestware'". The Daily Swig: Cybersecurity News and Views. Archived from the original on 16 March 2024. Retrieved 16 March 2024.
  6. "Embedded Malicious Code in node-ipc". GitHub. Retrieved 16 March 2024.
  7. "CVE-2022-23812 Detail". National Vulnerability Database. Retrieved 16 March 2024.
  8. Ax Sharma (17 March 2022). "BIG sabotage: Famous npm package deletes files to protest Ukraine war". Bleeping Computer. Archived from the original on 17 March 2022. Retrieved 16 March 2024.
  9. "CVE-2022-23812". GitHub. Archived from the original on 16 March 2024. Retrieved 16 March 2024.
  10. Proven, Liam (18 March 2022). "JavaScript library updated to wipe files from Russian computers". The Register. Situation Publishing. Archived from the original on 18 March 2022. Retrieved 18 March 2022.
  11. "Alert: Peacenotwar module sabotages NPM developers in the node-ipc package to protest the invasion of Ukraine | Snyk". 16 March 2022. Archived from the original on 9 April 2022. Retrieved 18 March 2022.
  12. "Open source maintainer pulls the plug on NPM packages colors and faker, now what? | Snyk". 9 January 2022.
  13. "Node-ipc-dependencies-list". GitHub. 19 March 2022. Archived from the original on 16 April 2022. Retrieved 18 March 2022.
  14. "BIG sabotage: Famous npm package deletes files to protest Ukraine war". Bleeping Computer. Archived from the original on 17 March 2022. Retrieved 17 March 2022.
  15. Tal, Liran (16 March 2022). "Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine". Snyk. Archived from the original on 9 April 2022. Retrieved 18 March 2022.