Updated just now and got a random text file on my desktop called WITH-LOVE-FROM-AMERICA.txt
This happened to me as well. From what I can piece together, it seems like it comes from this NPM package: https://github.com/RIAEvangelist/peacenotwar
Either the Unity Hub or one of it’s dependencies includes this package, which seems to copy this file to the Desktop. While I support the sentiment of the above package, I find it highly disturbing that it was added into the Unity Hub, knowingly or not, without explanation or permission.
1 Like
Same here, found it created it every time I ran Unity Hub. I have since uninstalled the Unity for now. I have had issues with identity theft before and this is not cool.
1 Like
Here’s an article with some more info about it if you’re curious. Definitely gave me a compromised scare at first too.
Appears to largely be harmless, but also intentionally brings in vulnerable code so rather safe than sorry for me as well.
1 Like
Oh…
Mmmmm…
edit: yeah thats not cool
gonna take me a unity break for a bit
Thank god I never updated from hub 2.4.5 
So Unity is seriously updating their software without proofreading the code of the updated dependencies? So some almost random person can write some malicious shit-code on a stinky javascript that Unity uses as a dependency and it will end up running on my computer after Unity Hub update?
Has the whole world gone completely cuckoo or what?
14 Likes
Things can happen. And whilst this almost got me into a huge trouble, I dodged the bullet 
But yes, maybe giving more attention to security is something we all need to be aware of.
This could have been a disaster.
Thats all you need to know about UnityTech professional skills… Unbelievable!
1 Like