On March 7th, 2022, node-ipc developer RIAEvangelist, Brandon Nozaki Miller, pushed a commit containing malicious code which were carefully obfuscated. The commit, signed off as “added ssl check”, added a Geo location check on the end-user’s IP address which, and if it successfully matched an Russian or Belarus IP, it would erase all files on the infected system.
The project owner and author of the malicious code made repeated attempts at hiding comments which brought up this new undesired behavior, deleting opened Issues on GitHub as well repeatedly as editing other GitHub users’ comments. The project owner outright denied adding the code on several occasions at first. However, when confronted with evidence from multiple people, they went on to acknowledge that the code did indeed have a Geo check, but made repeated claims it did not have a malicious effect on the targets. The project owner ultimately admitted to the allegations, claiming the deed was done because they couldn’t just stand by, not doing something for the cause.