Home > Cyber News > Protestware Projects on GitHub Push Pro-Ukraine Ads and Data Wipers

Protestware Projects on GitHub Push Pro-Ukraine Ads and Data Wipers

Protestware Projects on GitHub Push Pro-Ukraine Ads and Data Wipers

Have you heard of protestware? Researchers have been tracking the so-called protestware projects across GitHub with recently added code that displays “Stand with Ukraine” messages. The same researchers are also tracking several code packages, recently modified to delete files on computers that most likely originate from Russian or Belarussian internet addresses.

Protestware Projects on GitHub

This shared researchers’ effort is being crowdsourced via Telegram, says security expert Brian Krebs. However, the “output of the Russian research group is centralized in a Google Spreadsheet that is open to the public.” The majority of the GitHub repositories tracked include relatively harmless components, such as messages showing support for Ukraine, and statistics about the war with links to more information on the Deep Web.

Of course, there are “more concerning examples,” such as the page for the popular JavaScript network vue-cli, which now contains a new component designed to wipe all files from any system visiting from a Russian or Belarussian IP address.

According to Alex Holden, a native Ukranian behind the Milwaukee-based cyber intelligence firm Hold Security, the real trouble is when protestware is included in code packages that get automatically fetched by many third-party software products. The researcher shared that some of the code projects tracked by the Russian research group are maintained by Ukrainian software developers.

The Trust in Open-Source Projects Is Now Gone

Others say that the Pandora box is now opened, and the trust in open-source projects is now completely destroyed. As pointed out by GitHub user nm17, now everybody is realizing that “their library/application can possibly be exploited to do/say whatever some random dev on the internet thought ‘was the right thing they to do.’ Not a single good came out of this ‘protest.’”

Related stories:

Russia Issues Its Own TLS Certificate Authority
Another Destructive Wiper Targeting Ukraine

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree