Cyber Incident Victim: Puush
Date: Mar 2015
Location: United States of America
Summary
A screen-sharing platform experienced a cyber attack involving malware injection into its server, prompting users to uninstall compromised software and change locally stored passwords on their devices and browsers. The incident affected a specific Windows client version distributed through an auto-update mechanism, with the malicious code masquerading as a legitimate update. While the company confirmed that files and databases remained unaffected, it warned that the malware potentially harvested passwords saved on users' machines, though data exfiltration could not be verified. A subsequent software update automatically detected and removed the threat, while Mac users were confirmed to be unaffected by the breach.
Description
On March 29, 2015, Puush's screen-sharing platform experienced a cyber attack when malware was injected into one of its servers during a three-hour window from 18:51 to 21:41 UTC. The compromise specifically targeted build r94 of the Windows client distributed through Puush's auto-update system, leaving other versions unaffected. Users began reporting suspicious activity via social media, prompting Puush to issue public warnings through Twitter and Tumblr on March 30. The company confirmed the malware was disguised as a software update and advised all users to immediately uninstall the application. Affected individuals were directed to change passwords stored locally on their PCs and within browsers like Chrome and Firefox, though credentials managed through secure password managers were considered safe.

The incident exclusively impacted Windows users who received automatic updates during the attack timeframe, with Mac users remaining unaffected. Puush released build r100 as a corrective update that automatically detected and removed the malware from infected systems. While the company confirmed the malware had the capability to collect locally stored passwords, it could not verify whether credentials were transmitted to external servers. Puush maintained that user files and databases remained uncompromised throughout the incident. As part of remediation efforts, the company provided a standalone cleaner tool for users opting to discontinue service. The updated Windows client remained available for download with integrated malware detection and removal functionality.
