May 8, 2022

Virtuous Malware

On March 7th, 2022, node-ipc developer Brandon Nozaki Miller (RIAEvangelist) pushed a commit containing carefully obfuscated malicious code. The commit, signed off as “added ssl check”, added a geolocation check on the end user’s IP address: if the address matched a Russian or Belarusian IP, the code would erase all files on the infected system. The project owner and author of the malicious code made repeated attempts to hide comments that brought up this new, undesired behavior, deleting issues opened on GitHub and repeatedly editing other GitHub users’ comments.