Popular JS Package node-ipc Adds Malicious “Protest-ware” On Purpose

March 18, 2022

In this blog, I will tell you about the malicious “protestware” (really malware) that RIAEvangelist / Brandon Miller purposefully added to the popular node-ipc package. This is a JavaScript package that has almost 5 million monthly downloads. The malicious code creates a text file on the user's desktop called FROM-AMERICA-WITH-LOVE.txt and also corrupts all files on the computer by overwriting their contents with heart emojis if the user happens to be in Russia or Belarus (or happens to have a Russian/Belarusian geolocation/IP address from using a VPN). This is one of the most shameful things to happen in the open-source community. Check the link below for an unofficial list of packages that are affected by this to make sure you are secure.

Link to the GitHub repo:

https://github.com/zlw9991/node-ipc-dependencies-list

https://gist.github.com/MidSpike/f7ae3457420af78a54b38a31cc0c809c
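
Alongside the lists above, you can check your own project directly. The following is an added example (not code from the original post or from the node-ipc project): a small Node.js check that scans a parsed package-lock.json for node-ipc and peacenotwar, and reports where each one is installed and which packages declare it. The function names and the sample lockfile are constructed for illustration.

```javascript
// Names to flag; both appear on this page (peacenotwar is in the Snyk URL).
// No affected-version list is assumed: compare versions with the advisory.
const WATCHLIST = new Set(["node-ipc", "peacenotwar"]);

// Normalise either lockfile layout into { name, version, location, requires }.
function flattenLock(lock) {
  const out = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the project.
    for (const [key, m] of Object.entries(lock.packages)) {
      const name = m.name || key.split("node_modules/").pop() || "(root project)";
      const requires = { ...m.dependencies, ...m.optionalDependencies, ...m.devDependencies };
      out.push({ name, version: m.version, location: key || ".", requires });
    }
    return out;
  }
  // lockfileVersion 1: nested "dependencies" tree, "requires" on each entry.
  const walk = (deps, prefix) => {
    for (const [name, m] of Object.entries(deps || {})) {
      const location = `${prefix}node_modules/${name}`;
      out.push({ name, version: m.version, location, requires: m.requires || {} });
      walk(m.dependencies, `${location}/`);
    }
  };
  walk(lock.dependencies, "");
  return out;
}

// Each watchlisted package found, with the packages that declare it.
function findWatchlisted(lock, watchlist = WATCHLIST) {
  const entries = flattenLock(lock);
  return entries.filter((e) => watchlist.has(e.name)).map((e) => ({
    name: e.name,
    version: e.version,
    location: e.location,
    requiredBy: [...new Set(entries.filter((d) => e.name in d.requires).map((d) => d.name))].sort(),
  }));
}

// Constructed sample lockfile: all versions and non-watchlist names are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "example-cli": "^1.0.0" } },
    "node_modules/example-cli": { version: "1.0.0", dependencies: { "node-ipc": "^0.0.0" } },
    "node_modules/node-ipc": { version: "0.0.0-sample", dependencies: { peacenotwar: "^0.0.0" } },
    "node_modules/node-ipc/node_modules/peacenotwar": { version: "0.0.0-sample" },
  },
};
console.log(JSON.stringify(findWatchlisted(SAMPLE_LOCK), null, 2));
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findWatchlisted`; an empty `requiredBy` on an old-format (version 1) lockfile means the package is declared only in your own package.json.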

Sources:

https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/