But node-ipc also added code to locate its users and wipe files if they were found within Russia or Belarus.
The malicious code dates from March 15, according to Liran Tal, a researcher at cybersecurity firm Snyk. The new code is hidden in base64-encoded data, so it’s hard to spot.
Shortly after the code was published, a GitHub post went viral claiming the code hit a server run by a US NGO in Belarus and that the breach “resulted in the execution of your code and the erasure of more than 30,000 messages and files detailing war crimes that Russian military and government officials have committed in Ukraine.”
According to Snyk, the code remained part of the package for less than a day. The purported account from the US NGO has not been confirmed, nor has any organization issued a public statement about any damage.
“While this was a protest-motivated attack, it highlights a larger problem facing the software supply chain: transitive dependencies in your code can have a huge impact on your security,” Tal wrote.
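Strings hidden this way can be surfaced mechanically when reviewing a dependency. The following is an added example (not code from the article, from Snyk, or from node-ipc): it scans JavaScript source for base64 string literals and reports the ones that decode to readable text. The function names and the sample input are constructed for illustration.

```javascript
// Quoted runs of 16+ base64 characters, with optional padding.
const BASE64_LITERAL = /(["'`])([A-Za-z0-9+/]{16,}={0,2})\1/g;

// Return the decoded text if the candidate is canonical base64 that
// decodes to printable ASCII; otherwise return null.
function decodeIfText(candidate) {
  if (candidate.length % 4 !== 0) return null;
  const buf = Buffer.from(candidate, 'base64');
  if (buf.toString('base64') !== candidate) return null; // does not round-trip
  const text = buf.toString('latin1');
  return /^[\x20-\x7e]+$/.test(text) ? text : null;
}

// Scan source text and return one finding per literal that decodes to text.
function findEncodedStrings(source, file = '<input>') {
  const findings = [];
  source.split('\n').forEach((line, i) => {
    for (const m of line.matchAll(BASE64_LITERAL)) {
      const decoded = decodeIfText(m[2]);
      if (decoded !== null) {
        findings.push({ file, line: i + 1, encoded: m[2], decoded });
      }
    }
  });
  return findings;
}

// Constructed sample: a harmless placeholder URL encoded the way the
// article describes, next to an ordinary string that must not be flagged.
const hidden = Buffer.from('https://geo.example.invalid/lookup').toString('base64');
const SAMPLE = [
  "const path = require('path');",
  `const u = Buffer.from("${hidden}", "base64").toString();`,
  'const label = "getElementsByTagName";',
].join('\n');

for (const f of findEncodedStrings(SAMPLE, 'constructed-dep.js')) {
  console.log(`${f.file}:${f.line} decodes to ${JSON.stringify(f.decoded)}`);
}
```

A hit is only a prompt for manual review: legitimate packages also embed base64, and an author can split or re-encode strings to avoid a simple pattern match.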
This isn’t the first time open source developers have broken their own projects. In January, the author of another popular project called color added an infinite loop to their code that made any server running it unusable until the problem was fixed.
A new movement
Protestware is just the latest of many attempts by activists to use technology to break through Russian censorship and deliver an anti-war message. Activists have been using targeted advertising to push news about the Ukrainian war to ordinary Russians, who would otherwise be at the mercy of accelerating censorship and ubiquitous state propaganda. Crowdsourced comments and anti-war pop-up messages are tactics that have been employed since the beginning of the Russian military invasion.
For the most part, protestware is further proof that much of what we can publicly see of the cyberwar over Ukraine is directly related, first and foremost, to the information campaign.
Protestware could deliver a similar anti-war message, but there are concerns in the open source community that the potential for sabotage, especially if it goes beyond simple anti-war messages and starts destroying data, could disrupt the open source ecosystem. Although it is not as well known as commercial software, open source software is vitally important to running every aspect of the internet.
“Pandora’s box is now open, and from now on those who use open source will feel xenophobic more than ever, everyone included,” wrote GitHub user NM17. “The trust factor of open source, based on the goodwill of developers, is practically gone now, and more and more people are realizing that one day their library/app might be exploited to do/say whatever a random developer on the internet thinks is ‘the right thing to do’. This ‘protest’ has done no good.”