Open Source Module Reportedly Spreads Malware that Wipes Russian and Belarusian Drives

Node-IPC, a JavaScript module for interprocess communication used in building software reportedly contained malicious code that wiped systems geolocated in Russia and Belarus.

Software security company Snyk reported that node-ipc had been updated with a malicious package that targets IP addresses from Russia or Belarus and overwrites their files with a heart emoji.

Snyk assigned the node-ipc vulnerability an ID – CVE-2022-23812 with a 9.8 (critical) CVSS score.

Node-ipc developer and maintainer Brandon Nozaki-Miller initially denied adding the malicious code but later announced that he added another module called “peacenotwar”  which created a file with Ukraine war-related messaging placed in their desktop directory.

Peacenotwar reportedly added a text file  ‘WITH-LOVE-FROM-AMERICA.txt’ that said “War is not the answer” and asked audiences to forgive soldiers while another version of the code also created files on users’ systems documenting the current war situation in Ukraine.

“>U DOWNLOADED MY SOFTWARE FOR FREE SO IM ALLOWED TO WIPE UR COMPUTER,” said Miller.

Despite Miller’s alleged intentions for the node-ipc module. Snyk said that his actions undermined the global open source community.

“This security incident involves destructive acts of corrupting files on disk by one maintainer and their attempts to hide and restate that deliberate sabotage in different forms,” said Snyk’s director of developer advocacy Liran Tal.


© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.