Multi-platform messenger: Pidgin plug-in came bundled with a keylogger

The developers of Pidgin warn that the ss-otr plug-in has brought a Trojan with it. It is now offline.

This article was originally published in German and has been automatically translated.

A malware-infected plug-in for the multi-platform messenger Pidgin was available for download for more than a month. The developers advise users to uninstall the plug-in immediately.

At the turn of the millennium, Pidgin was a widely used multi-platform messenger that included protocols for Bonjour, IRC and Jabber/XMPP.

In a post, the Pidgin developers state that the plug-in in question is the screen-capturing tool ss-otr. Unknown attackers are said to have used it as a keylogger and to capture screenshots. Criminals usually capture log-in data in this way.

The Pidgin developers state that the plug-in was added to the list of third-party plug-ins on July 6, 2024. On August 16, it became known that it contains a keylogger. It has been offline since then.

An investigation indicated that the uploader had not provided any source code, only binaries. In the future, the Pidgin developers want to require plug-ins to have an Open Source Initiative Approved License.

Anyone who has installed the plug-in should delete it quickly and scan their PC for viruses. However, this is no panacea: malware is often deeply embedded in the system, so the only remedy is to reinstall the operating system. Because Pidgin says it does not count plug-in downloads, it remains unclear how many users are affected by the problem.

Security researchers from Eset draw connections to the Darkgate malware. According to them, other plug-ins (HTTP File Upload, Master Password, OMEMO, Pidgin Paranoia and Window Merge) were available for download on the server that has since been taken offline. The researchers suspect that these could also be infected.

(des)