On September 26th, according to a report from Kuaitech, the official Weibo account of Tencent Sogou Input Method addressed circulating misinformation regarding “virus vulnerabilities” within the software.
Following an internal investigation, it was determined that the issue stemmed from a testing feature that had not yet been officially released. Due to an anomaly in the testing configuration, this feature became externally accessible.
Upon identifying the problem, Tencent Sogou Input Method promptly implemented a fix, ensuring that this incident does not affect the actual user experience.
Tencent Sogou Input Method has further announced its commitment to reinforcing the management of its testing processes to prevent similar occurrences in the future.
It is understood that on September 20th, Huorong Security published an article on its WeChat official account titled “Sogou Input Method’s Cloud Control Distribution Module ‘Secretly’ Tampering with Browser Configurations.” The article stated that the Huorong Threat Intelligence Center had recently detected a virus accelerating its spread, specifically targeting browser homepages. Tracing the source of this virus led directly to Sogou Input Method.
Huorong Security explained that Sogou Input Method utilizes its Shiply terminal foundation (the underlying component of the Sogou Input Method client) to distribute a general module that requests control configurations from the cloud.
These cloud-controlled configurations are delivered based on user profiling, using dimensions such as region and time for precise targeting. Given that the Shiply platform inherently supports phased rollouts, it is speculated that attackers might have first used small-scale phased testing to validate the effectiveness of their actions before proceeding with widespread dissemination.
The module responsible for promoting the virus would first detect any antivirus software present on the user’s device. Subsequently, by modifying configuration files, it would forcibly alter the homepage and default search engine settings of prominent browsers like Edge and Chrome.
