After ‘protestware’ attacks, a Russian bank advised its customers to stop updating their software
As the Russian invasion of Ukraine continues, the consequences are being felt across many parts of the technology sector, including open source software development.
In a recent announcement, Russian bank Sber advised its customers to temporarily stop installing software updates on all apps, fearing they might contain malicious code specifically aimed at Russian users, dubbed by some as “protestware”.
As quoted in Russian-language news sites, Sber’s announcement reads:
Currently, cases of introducing provocative media content into freely distributed software have become more frequent. Additionally, various malicious content and code can be bundled into freely distributed libraries used for software development. Use of such software can lead to malware infection of personal and corporate computers, as well as IT infrastructure.
Where there is an urgent need to use the software, Sber advised customers to scan the files with antivirus or perform a manual source code review, a suggestion that will likely be impractical, if not impossible, for most users.
According to The Register, node-ipc updates made on March 7 and 8 added code that checked whether a host machine's IP address was geolocated in Russia or Belarus and, if so, overwrote as many files as possible with a heart symbol. A later version of the module removed the overwrite feature and instead dropped a text file on users' computers containing a message that “war is not the answer, no matter how bad”, with a link to a Matisyahu song.
Although the most destructive features of the “protestware” module no longer appear in the code, the consequences are harder to undo. Since open source libraries are fundamental to software development, a general loss of confidence in their integrity could impact users in Russia and elsewhere.
In a tweet, cybersecurity analyst Selena Larson called it “forced insecurity”; in general, the open-source community fiercely condemned the node-ipc update and pushed back against the idea of protesting by sabotaging modules, even for good causes.
More broadly, the Ukraine conflict has posed difficult ethical questions for tech companies working in Russia. While many global tech leaders like Apple, Amazon, and Sony have suspended or halted sales in the Russian market, others remain: in a March 7 blog post, Cloudflare CEO Matthew Prince said that the company would continue to provide services in Russia despite appeals to stand down, writing that “Russia needs more internet access, not less.”