Screenshot-sharing app Puush has inadvertently infected Windows users with malware.
Over the weekend, the Puush server was breached and a fake, malware-infected program update was put in place. This means that anyone updating to version r94 of the software is infected.
The malware tries to grab passwords from infected systems, and was noticed after users complained on Twitter that the latest update had been flagged up by BitDefender. As a precautionary measure, the update server has been taken offline, and a clean update has been made available as a standalone download.
Puush is quick to point out that it is only the Windows version of the app that is affected - the iOS and OS X apps remain clean. It is not yet clear what happens to passwords that have been collected as tests have not shown them to be sent to another computer.
Another update has already been produced, version r100, and this has not only been checked to be clean, but also tidies up after the malware infected r94.
In a statement, Puush said:
The statement also recognises the fact that some people may have been put off using Puush. For these users, a cleanup and removal tool is available: