Greetings everyone. It is with much regret that I am writing this post. A plugin, ss-otr, was added to the third party plugins list on July 6th. On August 16th we received a report from 0xFFFC0000 that the plugin contained a key logger and shared screen shots with unwanted parties.

We quietly pulled the plugin from the list immediately and started investigating. On August 22nd Johnny Xmas was able to confirm that a keylogger was present.

  • ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    arrow-up
    1
    ·
    3 months ago

    This danger is why I quit using the Purple Teams plugin for Pidgin: it works well enough (considering Teams isn’t exactly open to third-party clients, it works amazingly well in fact) it’s GPL-3.0, the source is provided and I compiled it.

    So I believe it’s clean, but that’s not good enough for me to hit our corporate Teams channels with it and I don’t have the time to audit the code. Not to mention, while my company trusts my good judgment, I’m pretty sure running an unauthorized client is against IT policies.

    So I dropped it, sadly. It’s a bummer because Pidgin uses a fraction of the resources needed by that pig of an Electron app - the official client - made by Microsoft.