Zerodium Offers $100,000 for Pidgin Vulnerabilities

The well-known vulnerability broker Zerodium is offering researchers up to $100,000 for zero-day vulnerabilities in the desktop instant messaging client Pidgin.

“We are looking for remote code execution exploits affecting the latest version of Pidgin for Windows and/or Linux. The exploit must work with default settings and should not require any user interaction beyond reading a message,” the company stated in a blog post.

Zerodium regularly buys exploits from researchers and then sells them to governments and law enforcement agencies. The company often runs such “campaigns” and temporarily increases payouts for certain bugs, usually to fill gaps in its exploit portfolio or when clients request specific vulnerabilities for ongoing operations.

According to The Record, Zerodium’s interest in Pidgin exploits is likely due to the app’s widespread use among hackers, even though Pidgin is gradually losing ground to other instant messaging services.

Why Pidgin Is Targeted

For many years, Pidgin has been primarily used for messaging via the XMPP (Jabber) protocol, although it supports other IM protocols as well. XMPP/Jabber has long been favored by criminals because users can register IDs on secure servers that do not keep logs, making it useful for organizing operations or conducting illegal business. To further protect their communications, criminals often use OTR (Off The Record) or GnuPG plugins.

“Cybercriminals migrated from ICQ to Jabber (XMPP) in the early 2000s. But now, the new generation prefers Telegram for everyday conversations and deals, while using TOX as a more secure and anonymous alternative,” commented Dmitry Smilyanets, an analyst at Recorded Future.
