Pidgin Removes ScreenShareOTR Plugin Amid Security Concerns

04 Sep 2024

Pidgin Takes Action to Protect Users

The Pidgin messaging app has recently taken significant action to protect its users by removing the ScreenShareOTR plugin from its official third-party plugin list. This decision came after alarming reports surfaced regarding the plugin’s misuse, which included the installation of keyloggers, information stealers, and various forms of malware typically employed to infiltrate corporate networks.

Sneaky Pidgin Plugin

Pidgin, known for its open-source and cross-platform instant messaging capabilities, has long been a favored choice for users looking to integrate multiple messaging accounts into a single interface. While its popularity has waned since the mid-2000s, it continues to attract a dedicated following among tech-savvy individuals, open-source advocates, and those needing to connect with legacy instant messaging systems.

The application supports a plugin system that enhances its functionality, allowing users to download various addons from an official third-party plugins list, which currently boasts 211 options. However, a troubling development occurred when a malicious plugin named ‘ss-otr’ was added to this list on July 6, 2024. It wasn’t until August 16 that Pidgin received a report from a user indicating that the plugin was functioning as a keylogger and capturing screenshots. In response, Pidgin promptly removed the plugin and initiated an investigation. By August 22, confirmation of the keylogger’s presence was provided by security researcher Johnny Xmas.

A notable concern surrounding the ss-otr plugin is its lack of transparency: it offered only binaries for download, with no accompanying source code. The absence of robust review mechanisms within Pidgin’s third-party plugin repository led to a lapse in security scrutiny.

Plugin Leads to DarkGate Malware

According to ESET, the cybersecurity firm that uncovered the plugin’s malicious nature, the installer was signed with a valid digital certificate from INTERREX – SP. Z O.O., a legitimate Polish company. While the plugin initially appeared to deliver its promised screen-sharing functionality, it also harbored malicious code capable of downloading additional binaries from an attacker’s server at jabberplugins[.]net.

The payloads delivered through this mechanism included PowerShell scripts and the notorious DarkGate malware, which was similarly signed by the Interrex certificate. This malicious strategy was not limited to the Windows version of Pidgin; a parallel approach was utilized for the Linux client, ensuring that both platforms were compromised.

ESET further reported that the now-defunct malicious server had hosted additional plugins, including OMEMO, Pidgin Paranoia, Master Password, Window Merge, and HTTP File Upload, all of which were likely involved in disseminating DarkGate. This indicates that the ScreenShareOTR plugin was merely a component of a larger, more extensive campaign.

Users who may have installed the compromised plugin are advised to remove it immediately and conduct a thorough system scan using antivirus software to detect any lingering threats from DarkGate. In light of these events, Pidgin’s maintainer and lead developer, Gary Kramlich, communicated via Mastodon that the organization does not track the number of times a plugin is installed.
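As a first check before the antivirus scan, the per-user Pidgin plugin folders can be searched for the two indicators named in this article: the plugin name ss-otr and the download server jabberplugins[.]net. The script below is an added example, not code from Pidgin or ESET; the folder locations are assumed defaults, and it assumes the domain is stored as a plain ASCII or UTF-16LE string inside the binary, so a clean result does not rule out infection.

```python
import os
from pathlib import Path

PLUGIN_NAME = "ss-otr"          # plugin name reported in the article
DOMAIN = "jabberplugins.net"    # download server named in the article
# Binaries may hold the string as ASCII or as UTF-16LE (common on Windows).
NEEDLES = (DOMAIN.encode("ascii"), DOMAIN.encode("utf-16-le"))


def default_plugin_dirs():
    """Per-user Pidgin plugin folders (assumed default locations)."""
    dirs = [Path.home() / ".purple" / "plugins"]
    appdata = os.environ.get("APPDATA")
    if appdata:
        dirs.append(Path(appdata) / ".purple" / "plugins")
    return dirs


def scan_plugin_dir(directory):
    """Return [(path, [reasons])] for files that match either indicator."""
    findings = []
    directory = Path(directory)
    if not directory.is_dir():
        return findings
    for path in sorted(directory.rglob("*")):
        if not path.is_file():
            continue
        reasons = []
        if PLUGIN_NAME in path.name.lower():
            reasons.append("file name contains " + PLUGIN_NAME)
        try:
            data = path.read_bytes().lower()
        except OSError:
            data = b""  # unreadable file: fall back to the name check only
        if any(needle in data for needle in NEEDLES):
            reasons.append("references " + DOMAIN.replace(".", "[.]"))
        if reasons:
            findings.append((str(path), reasons))
    return findings


if __name__ == "__main__":
    for folder in default_plugin_dirs():
        for path, reasons in scan_plugin_dir(folder):
            print(path + ": " + "; ".join(reasons))
```

System-wide plugin folders differ by platform and distribution; pass their paths to scan_plugin_dir to cover them as well.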

To mitigate the risk of similar incidents in the future, Pidgin has announced a new policy: it will now only accept third-party plugins that possess an OSI Approved Open Source License. This change aims to ensure greater scrutiny of the code and internal functionality of plugins, thereby enhancing user security.

Update 8/27/24: Updated story to note that Pidgin does not keep track of plugin downloads.

What is the base cause of pidgin formation?

The base cause of pidgin formation is the need for communication between speakers of different native languages who come into contact with each other. This often occurs in situations such as trade, colonization, or immigration, where there is a necessity for a common language but no shared language available. Pidgins are simplified languages that develop to facilitate basic communication, combining elements of the different languages involved.

How to set up Google Chat on Pidgin?

To set up Google Chat on Pidgin:

1) Install Pidgin and the 'purple-hangouts' plugin.
2) Open Pidgin and navigate to 'Accounts' > 'Manage Accounts'.
3) Click 'Add', select 'Hangouts' from the protocol list.
4) Enter your Google account credentials.
5) Authenticate using your Google account in the web browser if prompted.
6) Configure any additional settings as needed and save.

Pidgin will synchronize with your Google Chat, allowing you to use it directly through the Pidgin interface.