Huorong Security Products
Tencent Search Input Method Responds to "A Virus That Specifically Locks Browser Homepages Is Spreading"
Di Yi Cai Jing · 2025-09-25 11:06
Core Viewpoint
- The article discusses the recent concerns regarding a virus vulnerability associated with Sogou Input Method, clarifying that the issue stemmed from an unlaunched testing feature and was promptly addressed by Tencent Search Input Method [3][6].

Group 1: Incident Overview
- On September 20, Huorong Security reported a virus targeting browser homepages, tracing its origin to Sogou Input Method [4].
- The virus exploits the Shiply terminal infrastructure of Sogou Input Method, which allows for cloud-based control configurations based on user profiles [4].
- The virus's promotional module detects antivirus software on user devices and alters the homepage and default search engine settings of major browsers like Edge and Chrome [6].

Group 2: Response and Remediation
- Tencent Search Input Method acknowledged the issue and completed a fix on September 20, ensuring no impact on user experience [6].
- The company expressed apologies for the inconvenience caused and committed to enhancing testing process management to prevent future occurrences [6].

Tencent Search Input Method Responds to "A Virus That Specifically Locks Browser Homepages Is Spreading"
Di Yi Cai Jing· 2025-09-25 10:57
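2025.09.25 | Word count: 674; reading time about 2 minutes | Author: Lü Qian, Di Yi Cai Jing

On September 25, the "Tencent Search Input Method" account on Zhihu posted: Recently, we noticed false information claiming that Sogou Input Method "has a virus vulnerability." After verification, the issue originated from a test feature that had not yet been officially released and that became externally accessible because of an abnormal test configuration.

The incident began on September 20, when Huorong Security posted on its official account that the Huorong Threat Intelligence Center had recently detected a virus that specifically locks browser homepages and is spreading at an accelerating pace. Tracing showed that the source of the virus points to Sogou Input Method.

According to Huorong, Sogou Input Method publishes a general-purpose module through the Shiply terminal foundation (an underlying base component of the Sogou Input Method client) and requests cloud-control configuration from the cloud. When these cloud-control configurations are delivered, they are pushed in a targeted way according to the user profile, across many dimensions such as region and time. Because the Shiply platform itself has gray-release (staged rollout) capability, Huorong infers that the attacker most likely first validated the effect through a small-scale gray-release test and then spread it at large scale.

In addition, the virus's promotion module first detects antivirus software on the user's device and then, by tampering with configuration files, forcibly modifies the homepage and default search engine settings of the two mainstream browsers Edge and Chrome. Huorong Security products can currently intercept and remove the promotion module.

"Tencent Search Input Method" said that after discovering the problem it had completed the fix immediately (September 20), not ...
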
A Virus That Specifically Locks Browser Homepages Is Spreading; Tencent Search Input Method Responds
Di Yi Cai Jing· 2025-09-25 10:13
Core Viewpoint
- Tencent's input method has addressed concerns regarding a virus vulnerability linked to Sogou Input Method, clarifying that the issue originated from an unlaunched testing feature that was improperly configured, allowing external access [1][3].

Group 1: Incident Overview
- The incident began on September 20, when Huorong Security reported a virus targeting browser homepages, tracing its source to Sogou Input Method [1].
- Huorong indicated that Sogou Input Method utilizes the Shiply terminal infrastructure to release general modules that request control configurations from the cloud, which are tailored based on user profiles [1].

Group 2: Virus Mechanism
- The virus's promotional module first checks for antivirus software on user devices and then alters configuration files to forcibly change the homepage and default search engine settings of Edge and Chrome browsers [3].
- Huorong's security products are capable of intercepting and eliminating the aforementioned promotional module [3].

Group 3: Company Response
- Tencent's input method team stated that they completed repairs on September 20, ensuring that user experience would not be affected and expressed apologies for the inconvenience caused [3].
- The company plans to enhance management of testing processes to prevent similar issues in the future [3].