Sabotage: Code added to popular NPM package wiped files in Russia and Belarus
#Security Testing#Malware Analysis
A dataset release policy for the Android Malware Genome Project, requiring authentication and justification for access to the dataset.
A developer has been caught adding malicious code
A developer has been caught inserting malicious code into a widely-used open-source package. This code was designed to delete files on computers in Russia and Belarus as part of a protest. This action has angered many users and raised serious concerns about the security of free and open-source software.
The Application node-ipc: Enhancing Remote Communication and Networking
The application, node-ipc, provides remote interprocess communication and neural networking capabilities to various open source code libraries. As a dependency, node-ipc is automatically downloaded and integrated into other libraries, including popular ones like Vue.js CLI, which boasts over 1 million weekly downloads.
A Deliberate and Dangerous Act: Two weeks ago, the author of node-ipc released a new version of the library that intentionally sabotaged computers in Russia and Belarus, the countries involved in the invasion of Ukraine.
