‘Screenshot dumper’ Puush was infected with malware

Version r94 of the Windows client of the screen dump software puush was found to be infected with malware. The latest update, r100, checks whether the user is infected and removes the malware. According to the creator, puush's web server had been hacked for some time.

For people who have lost faith in the software, a stand-alone cleaner has also been released, the developer writes on his Tumblr. The cleaner checks whether an infection has occurred and removes the malware.

Puush's main web server had been hacked for some time, with no known compromise of the database or of puushed screen dumps. The Windows version r94 of the software had been replaced by a malware variant. All other versions of the software are clean. The versions for OS X and mobile platforms are not infected.

The malware uses the file name 'puush.daemon.exe', is located in "%AppData%\Roaming\puush" or "Program Files\puush", and starts automatically via a registry key.
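The indicators above can be checked by hand with a short read-only PowerShell script; this is an added example, not the developer's cleaner or code from the original article. The article does not name the registry key, so the standard Run keys and the "Program Files (x86)" path are assumptions, and `Get-FileHash` assumes PowerShell 4.0 or later.

```powershell
# Added triage example (read-only); not the developer's cleaner.
$name = 'puush.daemon.exe'          # file name given in the article

# Directories named in the article. %AppData% normally already ends in
# \Roaming, so both readings are checked; the (x86) path is an assumption.
$roots = @(
    $env:APPDATA
    $(if ($env:APPDATA) { Join-Path $env:APPDATA 'Roaming' })
    $env:ProgramFiles
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ }

$findings = @()
foreach ($root in $roots) {
    $path = Join-Path (Join-Path $root 'puush') $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $findings += [pscustomobject]@{
            Type     = 'File'
            Location = $path
            Detail   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# The article does not name the registry key. The standard Run keys below
# are an assumption about where such an autostart entry would live.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($keyPath in $runKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        if ($data -like "*$name*") {
            $findings += [pscustomobject]@{
                Type     = 'Autorun'
                Location = "$keyPath\$valueName"
                Detail   = $data
            }
        }
    }
}

if ($findings) { $findings | Format-List } else {
    'No puush.daemon.exe file or Run-key entry found in the checked locations.'
}
```

The script only reports what it finds; the HKCU key and %AppData% path reflect the user running it, so it has to be run once per user profile on a shared machine.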

The malware may collect locally stored passwords, but it has not yet been confirmed whether those passwords were also sent to a server. Despite this, the developer recommends changing passwords, including passwords stored in Chrome and Firefox.