Malware Infiltrates Pidgin Messenger's Official Plugin Repository (bleepingcomputer.com) 10
The Pidgin messaging app removed the ScreenShareOTR plugin from its third-party plugin list after it was found to be used to install keyloggers, information stealers, and malware targeting corporate networks. BleepingComputer reports: The plugin was promoted as a screen-sharing tool for secure Off-The-Record (OTR) protocol and was available for both Windows and Linux versions of Pidgin. According to ESET, the malicious plugin was configured to infect unsuspecting users with DarkGate malware, a powerful malware threat actors use to breach networks since QBot's dismantling by the authorities. [...] Those who installed it are recommended to remove it immediately and perform a full system scan with an antivirus tool, as DarkGate may be lurking on their system.
After publishing our story, Pidgin's maintainer and lead developer, Gary Kramlich, notified us on Mastodon to say that they do not keep track of how many times a plugin is installed. To prevent similar incidents from happening in the future, Pidgin announced that, from now on, it will only accept third-party plugins that have an OSI Approved Open Source License, allowing scrutiny into their code and internal functionality.
After publishing our story, Pidgin's maintainer and lead developer, Gary Kramlich, notified us on Mastodon to say that they do not keep track of how many times a plugin is installed. To prevent similar incidents from happening in the future, Pidgin announced that, from now on, it will only accept third-party plugins that have an OSI Approved Open Source License, allowing scrutiny into their code and internal functionality.
What took them so long? (Score:2)
Re: (Score:1)
Re: (Score:2)
Pidgin? OTR Plugin? (Score:3)
Hello 20 years ago!
What's next? AOL CDs are compromised?
MS-Windows only (Score:5, Interesting)
>"The plugin was promoted as a screen-sharing tool for secure Off-The-Record (OTR) protocol and was available for both Windows and Linux versions of Pidgin"
What they failed to mention is that the malware only affects MS-Windows machines. Yet they made sure to mention the PLUGIN is available for "Windows and Linux". Hmm.
Re: (Score:1)
Re: (Score:2)
Hmm, that isn't good.
The article only talked about DarkGate, which affects only MS-Windows. Sounds like the script stuff is not as bad, but still dangerous.