Puush servers compromised to deliver malware disguised as app update

Users of screenshot-grabbing-and-easy-sharing app Puush are in danger of having their passwords stolen by malware that masquerades as the (then) latest update for the app.

It seems that the company’s main server has been compromised, and the malicious update (r94) planted so that it would be automatically pushed out to users.

Only Windows users whose PC was on and connected to the Internet between March 29 UTC 18:51 and 21:41 may have been affected (the app checks for updates every 1-6 hours). Mobile and OS X users are safe.

It’s possible that the malware in question is a password-stealer. “So far our sandboxed investigations show no sign of data (passwords) being transmitted,” the company said on Twitter. But to be safe, they are still advising users to change any passwords stored on their machine or in their browsers.

The company has also temporarily taken down their servers so that they could apply security updates. They are now available again.

Users who still want to use the app are advised to update to the latest version (r100) which also checks the system for the malware and removes it both from disk and memory. Those who don’t can uninstall the app and download the standalone cleaner to remove the malware.

The company has added that users passwords were not compromised in the breach, as they store passwords salted and hashed using bcrypt.

Share this