Protests against the war in Ukraine sometimes take surprising forms, and not always very constructive. Outraged by Russian military coup, developer Brandon Nozaki Miller, aka ‘RIAEvangelist’, added destructive feature to software open-source of which he is the maintainer. In this case, it was the “node-ipc” package which is used by many JavaScript developers.
As Snyk analysts noticed, the protester added a piece of malicious code on March 7th. It checks whether the IP address is located in Russia or Belarus. If necessary, it searches the local directories of the computer and replaces the contents of the files found with a heart-shaped emoji. In other words, it erases data from the machine.
Also see video:
The idea was obviously to punish the Russians and the Belarusians. Unfortunately, this computer sabotage partially produced the opposite effect. Among the victims is an American association which collects information to document war crimes committed in Ukraine by the Russian army. After a node-ipc update, more than 30,000 messages and files were deleted on one of their servers located in Belarus.
“Due to the way the files were stored on the server, we cannot recover this data which is probably lost forever (…) Personally, me and my colleagues are devastated. All I can say is that your little scheme did more harm than Putin and Lukashenko could have done.” write the association’s maintainers to RIAEvangelist, in a comment on GitHub.
“Protestware” is on the rise
Fortunately, the maintainer only left behind his malicious code for a short time. It was deleted less than 24 hours later. But it was already enough to do quite a bit of damage. RIAEvangelist is not the only one who had the idea to sabotage modules open-source to protest against the war in Ukraine, as witnessed Wired.
Dozens of other software modules have already been hijacked in this way, as can be seen in certain lists that are beginning to reference them. Some just display messages of support for Ukrainians, others try to render PCs unusable or encrypt data. A new term has even been coined for this software: protestware “.