The author of the node-ipc npm module introduced malicious code when updating from Russia and Belarus

image

The developers have uploaded a node-ipc code to the repository that deletes files from the server. The vue-cli package was also affected.

On March 5, 2022, users of the popular JavaScript framework Vue.js faced an attack on the supply chain affecting the npm ecosystem. Sabotage was carried out in protest by the developers of the node-ipc package.

One of the developers implemented a code that damages files on the disk, and tried to hide this code. The attack was carried out in protest against the “special operation” and affected customers from Russia and Belarus.

Users have deobsuified the code, and found that users from Russia/Belarus with a 25% chance the code also replaces the contents of computer files with hearts.

As a result of using a vulnerable module, it can lead to the complete destruction of information on servers or computers of users with Russian IP addresses.

Start a discussion …