Summary:
-
Malicious Plugin Discovered
The ScreenShareOTR plugin for Pidgin was found to be malicious, installing keyloggers and DarkGate malware on users’ systems. This plugin was marketed as a secure screen-sharing tool but was actually used to breach corporate networks. -
Immediate Actions Taken
Pidgin has removed the compromised plugin from its repository and advised users to uninstall it and perform a full system scan. The incident highlights the risks of using unvetted third-party plugins. -
Future Precautions
To prevent similar issues, Pidgin will now only accept third-party plugins with OSI Approved Open Source Licenses, ensuring that their code is open to scrutiny and reducing the risk of hidden malware.
Read more at: BleepingComputer
!