Pidgin confirmed today that ss-otr, a third-party plugin listed since July 6, contained a keylogger and shared screenshots with unwanted parties. If you installed it, uninstall immediately. Going forward, listed plugins must have an OSI-approved open source license.

https://pidgin.im/posts/2024-08-malicious-plugin/