Over this weekend, the screenshot sharing app, Puush server was hacked and a malware infected program was placed as an update for Windows users.
The software version r94 downloads malware, which grab passwords from infected systems. The update has been taken offline, and the latest update r100 is available as download, which will tell you if you were infected or not, this update will clean the malware.
The company noted that the Windows version of the app was affected, the iOS and OS X versions apps are safe.
According to statement released by company, “The malware may be collecting locally stored passwords, but we are yet to confirm these have been transmitted back to a remote location. We have been running the malware in sandboxed environments and have not been able to reproduce any such behaviour. Even so, we recommend you change any important passwords which were stored on your PC (unless they were in a secure password manager). This includes chrome/firefox saved passwords.”
The company made removal and cleanup tool available for users, who may have been put off using Puush.
“We have created a cleaner for people who do not wish to continue using puush. It is stand-alone and will tell you if you were infected (assuming you have not already updated to r100).”
You can obtain this here: http://puush.me/dl/puush_is_sorry.exe.