Stories
Slash Boxes
Comments

SoylentNews is people

Puush Hacked, Malware Sent Out Via Client Update

posted by janrinok on Monday March 30 2015, @10:47AM   Printer-friendly
Security

[Editor's Note: I cannot find an estimate for the number of Puush.me users, and the malware was only distributed for a few hours, so the number of systems at risk of compromise might be very small. Nevertheless, one member of our community (the submitter) thought it prudent to bring this matter to our attention. For many of you - hopefully the majority of you - this is of little interest. Don't worry, the next story will be along shortly]

f4r writes:

Puush is a popular screenshot, image and file sharing service, started in 2010 out of Perth, Australia.

On March 29th, between 18:51 and 21:41 UTC, a false software update was rolled out to puush users via the official update mechanism.

Details are still emerging via twitter, but the gist of it is that the fake update (listed as build r94 and only affecting Windows versions) contained some form of malware (suspected to be a password-siphoner). Puush have since rolled out a new version (build r100) which automatically removes the malware bundled with build r94, informing the user in the process, as well as directing users to the puush status page. Puush is advising users to change any passwords that may be stored locally (such as in Firefox/Chrome or mail clients) as a precautionary measure, and check that they are either running build r93 (unaffected) or r100 (patched).

This discussion has been archived. No new comments can be posted.
Puush Hacked, Malware Sent Out Via Client Update | Log In/Create an Account | Top | 5 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: -1, Troll) by Anonymous Coward on Monday March 30 2015, @10:53AM

    by Anonymous Coward on Monday March 30 2015, @10:53AM (#164168)

    For when selfies just aren't enough. Look at allllll the motherfucking shortcuts on my desktop. Every fucking one points to a pirated app, man! I never pay for nothin! Check out my wallpapper, you never seen doper shit than that shit, for realsszz!

    • (Score: 0) by Anonymous Coward on Monday March 30 2015, @11:40AM

      by Anonymous Coward on Monday March 30 2015, @11:40AM (#164180)

      fuck off m8, it's very useful for distributing screenshots of any size, and it can be used for other files too

  • (Score: 2) by f4r on Monday March 30 2015, @11:00AM

    by f4r (4515) on Monday March 30 2015, @11:00AM (#164169)
    At the moment, there are just shy of 6k people following the puush twitter feed, so maybe, at a guess, 10x more who don't... maybe? It's just a guess at best. As for the 2 hour infection window, it's worth keeping in mind that puush checks for updates every 1-6 hours. I personally got hit by the dodgy update, and quite a few of my friends use the service too.
    Nice that my first submission got accepted though, I feel all warm and fuzzy.
    --
    Do not use as directed.

  • (Score: 0) by Anonymous Coward on Monday March 30 2015, @11:38AM

    by Anonymous Coward on Monday March 30 2015, @11:38AM (#164176)

    bullet dodged

  • (Score: 0) by Anonymous Coward on Monday March 30 2015, @02:52PM

    by Anonymous Coward on Monday March 30 2015, @02:52PM (#164271)

    Ironically this serves as good publicity for the company. Gets people to know they exist.