<style>/*<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3589136026507255572&zx=eade4ae4-2c1e-4ba4-b308-2df48e9fbda9' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=3589136026507255572&zx=eade4ae4-2c1e-4ba4-b308-2df48e9fbda9' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2831139136270004&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-2831139136270004 -->

<link rel="stylesheet" href="https://fonts.googleapis.com/css2?display=swap&family=Roboto&family=Open+Sans&family=Consolas&family=Source+Sans+Pro&family=Raleway"></head><body>*/</style>

node-ipc malware removal

What is node-ipc malware ?

node-ipc is a package that contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji.

Malicious Code: Don't run it!

node-ipc malware, node-ipc, node-ipc malware removal

to fix it Upgrade node-ipc to version 10.1.3 or higher.

"The malicious code was intended to overwrite arbitrary files dependent upon the geo-location of the user IP address," the Microsoft-owned biz said.

Whenever node-ipc versions 11 or 9.2.2 are used as a dependency by another project, they bring in peacenotwar and run it, leaving files on people's computers. Version 9.2.2 has disappeared from the NPM registry along with the destructive 10.1.x versions. Vue.js, for one, brought in node-ipc 9.2.2 while it was available, as 9.x is considered a stable branch, meaning there was a period in which some Vue developers may have had .txt files show up unexpectedly.

<style>/*
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/3586246945-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY7KFuom2183haszsDfs5SIFNuAwXw:1728242297151';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d3589136026507255572','//mango-school.blogspot.com/2022/03/node-ipc-malware-removal.html','3589136026507255572');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '3589136026507255572', 'title': 'Mango School for Information Technology and Cyber Security', 'url': 'https://mango-school.blogspot.com/2022/03/node-ipc-malware-removal.html', 'canonicalUrl': 'https://mango-school.blogspot.com/2022/03/node-ipc-malware-removal.html', 'homepageUrl': 'https://mango-school.blogspot.com/', 'searchUrl': 'https://mango-school.blogspot.com/search', 'canonicalHomepageUrl': 'https://mango-school.blogspot.com/', 'blogspotFaviconUrl': 'https://mango-school.blogspot.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': false, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - Atom\x22 href\x3d\x22https://mango-school.blogspot.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - RSS\x22 href\x3d\x22https://mango-school.blogspot.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/3589136026507255572/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Mango School for Information Technology and Cyber Security - Atom\x22 href\x3d\x22https://mango-school.blogspot.com/feeds/3829506180520262340/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-2831139136270004', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/5567c04bb654202b', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Read-more \xbb', 'pageType': 'item', 'postId': '3829506180520262340', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/a/AVvXsEghxQmEJ73AOrKOQZCYjmsGsyuEK0KO2fCgC9F7oavjAechzbRPSYMH_se6IoIcjc6YVlor2l_nXZRisAAaHMZSyGfA2a3YVpP345ICUpEFHUsoVrq_3YDFtdVbsAvZUjiy9PeE9Yl-qaraMoVOEfZpKP0REgjd0rDsGgK4PWZZGrKToYM_LJ1NI0kDrg\x3ds72-w225-c-h400', 'postImageUrl': 'https://blogger.googleusercontent.com/img/a/AVvXsEghxQmEJ73AOrKOQZCYjmsGsyuEK0KO2fCgC9F7oavjAechzbRPSYMH_se6IoIcjc6YVlor2l_nXZRisAAaHMZSyGfA2a3YVpP345ICUpEFHUsoVrq_3YDFtdVbsAvZUjiy9PeE9Yl-qaraMoVOEfZpKP0REgjd0rDsGgK4PWZZGrKToYM_LJ1NI0kDrg\x3dw225-h400', 'pageName': 'node-ipc malware removal', 'pageTitle': 'Mango School for Information Technology and Cyber Security: node-ipc malware removal', 'metaDescription': 'node-ipc is a package that contains malicious code, that targets users with IP located in Russia or Belarus'}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'node-ipc malware removal', 'description': 'node-ipc is a package that contains malicious code, that targets users with IP located in Russia or Belarus', 'featuredImage': 'https://blogger.googleusercontent.com/img/a/AVvXsEghxQmEJ73AOrKOQZCYjmsGsyuEK0KO2fCgC9F7oavjAechzbRPSYMH_se6IoIcjc6YVlor2l_nXZRisAAaHMZSyGfA2a3YVpP345ICUpEFHUsoVrq_3YDFtdVbsAvZUjiy9PeE9Yl-qaraMoVOEfZpKP0REgjd0rDsGgK4PWZZGrKToYM_LJ1NI0kDrg\x3dw225-h400', 'url': 'https://mango-school.blogspot.com/2022/03/node-ipc-malware-removal.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 3829506180520262340}}, {'name': 'widgets', 'data': [{'title': 'Logo', 'type': 'HTML', 'sectionId': 'header-main', 'id': 'HTML10'}, {'title': 'Icons, Dark, Search', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList10'}, {'title': 'Menu', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList11'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'blog-post', 'id': 'Blog1', 'posts': [{'id': '3829506180520262340', 'title': 'node-ipc malware removal', 'featuredImage': 'https://blogger.googleusercontent.com/img/a/AVvXsEghxQmEJ73AOrKOQZCYjmsGsyuEK0KO2fCgC9F7oavjAechzbRPSYMH_se6IoIcjc6YVlor2l_nXZRisAAaHMZSyGfA2a3YVpP345ICUpEFHUsoVrq_3YDFtdVbsAvZUjiy9PeE9Yl-qaraMoVOEfZpKP0REgjd0rDsGgK4PWZZGrKToYM_LJ1NI0kDrg\x3dw225-h400', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'share', 'label': ''}]}], 'allBylineItems': [{'name': 'share', 'label': ''}]}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar-static', 'id': 'PopularPosts10', 'posts': [{'title': 'How to remove ygvb Ransomware', 'id': 729607464617877353}, {'title': 'New WhatsApp Communities feature', 'id': 8367762764082842155}, {'title': 'Zzla file ransomware virus Removal Decrypt', 'id': 9089289928437659324}, {'title': 'Gujd file ransomware virus Removal Decrypt', 'id': 5638591793488345148}, {'title': 'USA bans Kaspersky - What are the reasons?', 'id': 8464110779646215258}]}, {'title': '#Recent Post', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML19'}, {'title': 'Follow Mango school', 'type': 'LinkList', 'sectionId': 'footer-widget', 'id': 'LinkList14'}, {'title': 'Copyright', 'type': 'HTML', 'sectionId': 'copyright', 'id': 'HTML23'}, {'title': 'SVG Icons', 'type': 'HTML', 'sectionId': 'jet-options', 'id': 'HTML24'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML10', 'header-main', document.getElementById('HTML10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'header-main', document.getElementById('LinkList10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList11', 'header-main', document.getElementById('LinkList11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'blog-post', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2591911167-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/13464135-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts10', 'sidebar-static', document.getElementById('PopularPosts10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML19', 'sidebar-static', document.getElementById('HTML19'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList14', 'footer-widget', document.getElementById('LinkList14'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML23', 'copyright', document.getElementById('HTML23'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML24', 'jet-options', document.getElementById('HTML24'), {}, 'displayModeFull'));
</script>
</body>*/</style>