This happened to me as well. From what I can piece together, it seems like it comes from this NPM package: https://github.com/RIAEvangelist/peacenotwar Either the Unity Hub or one of it's dependencies includes this package, which seems to copy this file to the Desktop. While I support the sentiment of the above package, I find it highly disturbing that it was added into the Unity Hub, knowingly or not, without explanation or permission.
Same here, found it created it every time I ran Unity Hub. I have since uninstalled the Unity for now. I have had issues with identity theft before and this is not cool.
Here's an article with some more info about it if you're curious. Definitely gave me a compromised scare at first too. Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine | Snyk Appears to largely be harmless, but also intentionally brings in vulnerable code so rather safe than sorry for me as well. Edit: Richard Fine on Twitter: "@hybridherbst @willgoldstone @RatKingsLair Hub team are on it. Hotfix available shortly." / Twitter
Oh....................... Mmmmm...... edit: yeah thats not cool gonna take me a unity break for a bit
So Unity is seriously updating their software without proofreading the code of the updated dependencies? So some almost random person can write some malicious S***-code on a stinky javascript that Unity uses as a dependency and it will end up running on my computer after Unity Hub update? Has the whole world gone completely cuckoo or what?
Things can happen. And whilst this almost got me into a huge trouble, I dodged the bullet But yes, maybe giving more attention to security is something we all need to be aware of. This could have been a disaster.