| Title | Puush Hacked, Malware Sent Out Via Client Update | |
| Date | Monday March 30 2015, @10:47AM | |
| Author | janrinok | |
| Topic | ||
| from the dept. | ||
[Editor's Note: I cannot find an estimate for the number of Puush.me users, and the malware was only distributed for a few hours, so the number of systems at risk of compromise might be very small. Nevertheless, one member of our community (the submitter) thought it prudent to bring this matter to our attention. For many of you - hopefully the majority of you - this is of little interest. Don't worry, the next story will be along shortly]
Puush is a popular screenshot, image and file sharing service, started in 2010 out of Perth, Australia.
On March 29th, between 18:51 and 21:41 UTC, a false software update was rolled out to puush users via the official update mechanism.
Details are still emerging via twitter, but the gist of it is that the fake update (listed as build r94 and only affecting Windows versions) contained some form of malware (suspected to be a password-siphoner). Puush have since rolled out a new version (build r100) which automatically removes the malware bundled with build r94, informing the user in the process, as well as directing users to the puush status page. Puush is advising users to change any passwords that may be stored locally (such as in Firefox/Chrome or mail clients) as a precautionary measure, and check that they are either running build r93 (unaffected) or r100 (patched).
| Links |
printed from SoylentNews, Puush Hacked, Malware Sent Out Via Client Update on 2024-04-25 00:11:33