page =
url = https://krebsonsecurity.com
krebs on security – in-depth security news and …
The upstart tracking effort is being crowdsourced via Telegram , but the output of the Russian research group is centralized in a Google Spreadsheet that is open to the public . Most of the GitHub code repositories tracked by this group include relatively harmless components that will either display a simple message in support of Ukraine, or show statistics about the war in Ukraine — such as casualty numbers — and links to more information on the Deep Web.
For example, the popular library ES5-ext hadn’t updated its code in nearly two years. But on March 7, the code project added a component “ postinstall.js ,” which checks to see if the user’s computer is tied to a Russian Internet address. If so, the code broadcasts a “Call for peace:”
A message that appears for Russian users of the popular es5-ext code library on GitHub. The message has been Google-Translated from Russian to English.
A more concerning example can be found at the GitHub page for “ vue-cli ,” a popular Javascript framework for building web-based user interfaces. On March 15, users discovered a new component had been added that was designed to wipe all files from any systems visiting from a Russian or Belarusian Internet address (the malicious code has since been removed):
Readers complaining that an update to the popular Vue-Cli package sought to wipe files if the user was coming from a Russian IP address.
“Man, I love politics in my APIs,” GitHub user “ MSchleckser ” commented wryly on Mar. 15. Continue reading →
Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware