Exploit broker Zerodium is looking for Pidgin 0day exploits

Pierluigi Paganini June 02, 2021

Zero-day exploit broker Zerodium is looking for 0day exploits affecting the IM client tool Pidgin on Windows and Linux.

Zero-day exploit broker Zerodium announced it is looking for 0day exploits affecting the IM client tool Pidgin on Windows and Linux. The company will pay up to $100,000 for zero-days in Pidgin, which is a free and open-source multi-platform instant messaging client.

We're looking for #0day exploits affecting Pidgin on Windows and Linux.

Bounty: $100,000

Read more: https://t.co/VL04uBvgUj
— Zerodium (@Zerodium) June 1, 2021

Why Zerodium is interested into this specific IM tool?

Because Pidgin is used by cybercriminal organizations and terrorist groups, some of them developed specific plugins to add additional protection to the communications. Today the Pidgin client is mainly used to exchange messages via the XMPP (Jabber) protocol. Pidgin also supports plugins that implement Off-the-Record Messaging over any IM network Pidgin supports.

Researchers from Trend Micro reported the existence of Asrar al-Dardashah, a plugin released in 2013 that was developed for Pidgin to add encryption to the instant messaging functions, securing instant messaging with the press of a single button.

Zerodium resells the exploits to its customers that include law enforcement bodies and intelligence agencies that could use them in their investigations.

“We are looking for remote code execution exploits affecting the latest version of Pidgin on Windows and/or Linux. The exploit should work with default installations and should not require any user interaction other than reading a message.” reads the announcement published by Zerodium that is valid until 31 August 2021.

“Cybercriminals shifted from ICQ towards Jabber (XMPP) in the early 2000s,” Recorded Future threat intelligence analyst Dmitry Smilyanets told The Record.

The announcement is temporary likely because it comes after a request of some of its customers.

The company is searching for a remote code execution issue that could be exploited to take over the target device without any user interaction, for example just reading a message sent via the messaging app.

Other temporary acquisitions run by Zerodium include ISPConfig and WordPress RCE.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Zerodium)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini July 28, 2025

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

Pierluigi Paganini July 28, 2025