Puush urges users to change passwords after cyber attack
Variant of Emotet banking malware used in spam campaign
The screen sharing platform Puush was hit by a cyber attack this weekend that injected malware into a server. Users were prompted to uninstall the app and change important passwords that were stored on PCs as well as those saved in major browsers, such as Chrome and Firefox, after other users began tweeting Puush about suspicious activity.
On Monday morning Puush warned its users through a series of tweets that the platform may have been used to send out malware disguised as an update. Puush also released a statement on its Tumblr.
“Puush was infected with malware. r100 (latest update) will tell you if you were infected and clean the malware." it said. "Only build r94 of the Windows client was affected, which was distributed via the auto-update system during the period: March 29 UTC18:51-21:41.”
The company noted that other versions should be okay and that a standalone cleaner is being offered for people who wished to no longer use the service. Mac users appeared to not have been affected.
Puush also said it suspected the malware may be collecting passwords stored locally but can't confirm if the malware is sending the passwords to a remote location. Regardless, the company recommended that users change all locally stored passwords unless they were stored in a secure password manager. Puush files and databases were unaffected to the company's knowledge.
The latest version is currently available for download and automatically detects and cleans the malware.