Pidgin Details
Pidgin
Chicago, Illinois • employees • Technology
United States
Industry
Technology
Security Incidents
1
### Pidgin (formerly Gaim)
Pidgin is a free and open-source multi-platform instant messaging client based on a library named libpurple. This client supports numerous instant messaging protocols, enabling users to log into various services simultaneously through a single application. The client facilitates communication over both popular and obsolete protocols, such as AIM, MSN, IRC, XMPP, and more recently, third-party plugins for services like Discord. This eliminates the need to use different software for each messaging platform.
Pidgin was originally released in 1998 under the name "Gaim....
Security Incidents
Pidgin Breach of Aug 2024
Severity Score
Significant
Type
Malware Attack
Summary
On August 16, 2024, the Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list. This action followed the discovery that the plugin was being used to install keyloggers and information stealers, as well as DarkGate malware, on users' systems. The malicious plugin had been available for download since July 6, 2024, affecting both Windows and Linux versions of Pidgin. The plugin was initially promoted as a screen-sharing tool compatible with the Off-The-Record (OTR) protocol but was found to possess hidden capabilities that allowed it to compromise user s...
Severity
The recent incident involving the Pidgin messaging app's ScreenShareOTR plugin on August 16, 2024, demonstrated a significant breach in security due to the distribution of malware. This sophisticated attack, which evaded initial detection by using a valid digital certificate from a legitimate company, affected both Windows and Linux users by installing keyloggers, information stealers, and DarkGate malware.
Although there was no report of systems or services being taken offline or any specific mention of compromised internal company data, the incident nonetheless posed a serious risk by comp...
Impact
The incident with the Pidgin messaging app on August 16, 2024, can be classified as a malware distribution event involving the ScreenShareOTR plugin. This plugin, which had been available since July 6, was found to install keyloggers, information stealers, and DarkGate malware on users' systems, posing a severe security risk to both Windows and Linux users.
User data was compromised as the malicious plugin enabled attackers to log keystrokes and steal information, although specific types of data exposed were not detailed. No mention was made of any systems or services being taken offline as a...