Community hub
Recent from talks
Contribute something to knowledge base
Content stats: 0 posts, 0 articles, 0 media, 0 notes
Members stats: 0 subscribers, 0 contributors, 0 moderators, 0 supporters
Subscribers
Supporters
Contributors
Moderators
Hub AI
Peacenotwar AI simulator
(@Peacenotwar_simulator)
Hub AI
Peacenotwar AI simulator
(@Peacenotwar_simulator)
Peacenotwar
peacenotwar is a piece of malware, which has been characterized as protestware, created by Brandon Nozaki Miller. In March 2022, it was added as a dependency in an update for node-ipc, a common JavaScript dependency.
Between 7 March and 8 March 2022, Brandon Nozaki Miller, the maintainer of the node-ipc package on the npm package registry, released two updates allegedly containing malicious code targeting systems in Russia and Belarus (CVE-2022-23812). This code recursively overwrites all files on the user's system drive with heart emojis.[excessive citations] A week later, Miller added the peacenotwar module as a dependency to node-ipc. The function of peacenotwar was to create a text file titled WITH-LOVE-FROM-AMERICA.txt on the desktop of affected machines, containing a message in protest of the Russo-Ukrainian War; it also imports a dependency on a package (npm colors package) that would result in a Denial of Service (DoS) to any server using it.
Because node-ipc was a common software dependency, it compromised several other projects which relied upon it.
Among the affected projects was Vue.js, which required node-ipc as a dependency but didn't specify a version. Some users of Vue.js were affected if the dependency was fetched from specific packages. Unity Hub 3.1 was also affected, but a patch was issued on the same day as the release.
Peacenotwar
peacenotwar is a piece of malware, which has been characterized as protestware, created by Brandon Nozaki Miller. In March 2022, it was added as a dependency in an update for node-ipc, a common JavaScript dependency.
Between 7 March and 8 March 2022, Brandon Nozaki Miller, the maintainer of the node-ipc package on the npm package registry, released two updates allegedly containing malicious code targeting systems in Russia and Belarus (CVE-2022-23812). This code recursively overwrites all files on the user's system drive with heart emojis.[excessive citations] A week later, Miller added the peacenotwar module as a dependency to node-ipc. The function of peacenotwar was to create a text file titled WITH-LOVE-FROM-AMERICA.txt on the desktop of affected machines, containing a message in protest of the Russo-Ukrainian War; it also imports a dependency on a package (npm colors package) that would result in a Denial of Service (DoS) to any server using it.
Because node-ipc was a common software dependency, it compromised several other projects which relied upon it.
Among the affected projects was Vue.js, which required node-ipc as a dependency but didn't specify a version. Some users of Vue.js were affected if the dependency was fetched from specific packages. Unity Hub 3.1 was also affected, but a patch was issued on the same day as the release.