Tuesday, 31 March 2015

Infected Updates Distributed For Puush And FlashFXP


Users of programs Puush and FlashFXP has become the target of an attack in which infected updates were presented and distributed. Puush is a program for sharing screenshots. Via Twitter , the service says that malware was sent in the form of a Puush update for the Windows version. After the discovery Puush advised to close the app and scan the computer.

From unconfirmed investigation would show that the malware was designed to steal passwords from browsers. In our own research Puush saw however that passwords were sent to the attackers. There is now released an update for Puush that the malware removed and lets users know if they are or are not infected. In addition, users are advised to change all their passwords. Through a blog posting late Puush know that the server was hacked.

FlashFXP

A similar incident took place last week, only with the FTP program FlashFXP. At the forum FlashFXP users complained that they were offered an update that was not on the website. Attackers had the DNS of the domain using the automatic updater, liveupdate.flashfxp.com adapted and were able to spread infectious updates. According to the developer of the FTP program impact would be limited because FlashFXP first checks the digital signature updates before being installed.

In case the file does not have a valid signature features will be removed. Last week the developer published an update(5.1.0.3824) that users need better protection against DNS hijackings. So is now requesting updates controlled digitally. If the server does not respond with a valid digital signature, the server's response is ignored. Furthermore performed additional checks to verify that the signatures of downloaded files is really FlashFXP.

No comments:

Post a Comment