protestware-list/protestware.md
2022-07-11 16:15:55 +03:00

4.8 KiB
Raw Blame History

Open source projects with protestware

peacenotwar

About project: ProtestWare NPM-package. repo

If any users are using IP in Russia or Belarus, all their file will be wiped entirely by hearts.

node-ipc

About project: NPM-module for Inter Process Communication. repo

CVE-2022-23812

Issue | Malware code | commit

If any users are using IP in Russia or Belarus, all their file will be wiped entirely with a heart emoji. Manually set a 25% probability at the beginning of the timeout, so that this thing looks more like a floating bug than something intentional.

This affects the package node-ipc from 10.1.1 and before 10.1.3. From versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package.

List of dependent modules

es5-ext

About project: ECMAScript extensions. repo

The popular npm-package which has not been updated for 2 years has started receiving regular updates that contain both propaganda and timezone code that increases resource utilization. Check the file _postinstall.js

Issue | commit

EventSource

About project: EventSource polyfill. repo

Issue | commit | code

The library displays political slogans on your site. To do this, it uses the alert() function with a 15 sec timeout if the user's time zone is Russian. After that, the library opens a political/malicious website in a pop-up window.

Evolution CMS

01.03.2022 since versions 3.1.10 and 1.4.17 political image added to the admin panel. сommit

The project was forked as Evolution CMS Community Edition to continue development without any political slogans.

voicybot

About project: bot for Telegram. repo

02.03.2022 Promo bot message modified to political slogan. Issue | commit

yandex-xml-library (PHP)

About project: un-official Yandex-XML PHP library. repo(removed)

A version of the package with a political slogan has been added to packagist, and the sources have been removed from the GitHub. The result is a broken project build. But there are 9 forks on GitHub.

AWS Terraform modules

repo

Added anti-Russian slogans and meaningless variables to the code. One of commits

Mistape WordPress plugin

https://wordpress.org/plugins/mistape/

Through a vulnerability in the popular Mistape plugin, an attacker gains access to the administrator sections, uploads the UnderConstruction plugin, with which it displays arbitrary information on the main page of the site. Usually this is a widget on the topic of current events in Ukraine. The author of the plugin on February 24 made changes to it. I waited until the update was distributed among users and began to exploit the vulnerability that was included there in a few days.

changeset

SweetAlert2

About project: JavaScript popup library. repo

Added the code to display propaganda and videos. Works only if the user has the Russian language selected in the browser, and the site where the code is executed is located in the .ru/.su/.рф zone. There is a fork without policy.

PR 18.04.2022 PR 05.07.2022