PeaceNotWar (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

js.peacenotwar (Back to overview)

PeaceNotWar

PeaceNotWar was integrated into the nodejs module node-ipc as a piece of malware/protestware with wiper characteristics. It targets machines with a public IP address located in Russia and Belarus (using geolocation) and overwrites files recursively using a heart emoji.

References

2022-03-18 ⋅ Vice Motherboard ⋅ Joseph Cox
Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers
PeaceNotWar

2022-03-17 ⋅ Bleeping Computer ⋅ Ax Sharma
BIG sabotage: Famous npm package deletes files to protest Ukraine war
PeaceNotWar

2022-03-16 ⋅ Github (MidSpike) ⋅ Tyler Resch
CVE-2022-23812: RIAEvangelist/node-ipc is malware / protestware
PeaceNotWar

There is no Yara-Signature yet.

PeaceNotWar Propose Change

References

PeaceNotWar