Fully functional trojanized FileZilla client steals FTP logins
Posted on 28.01.2014
Trojanized versions of the hugely popular FileZilla FTP client are being offered to unsuspecting users via hacked websites with fake content.

"The malware installer GUI is almost identical to the official version. The only slight difference is the version of the NullSoft installer, where the malware uses 2.46.3-Unicode and the official installer uses v2.45-Unicode. All other elements like texts, buttons, icons and images are the same," Avast researchers warn.

"The installed malware FTP client looks like the official version and it is fully functional! You can’t find any suspicious behavior, entries in the system registry, communication or changes in application GUI."



The malware records, encodes and sends FTP login credentials to the criminals' server, which is hosted in Germany. The domains pointing to it are registered with Naunet.ru, a Russian domain registrar known for malware and spam activity.

It's interesting to note that one of the malicious versions was compiled back in September 2012 and is still detected by just a couple of commercial AV solutions. Another one dates back to September 2013 and is also poorly detected.

"We assume that the stolen FTP accounts are further abused for upload and spread of malware. Attackers also can download whole webpage source code containing database log in, payment system, customer private information etc," the researchers pointed out. "Connection via infected FTP client to your home or corporate network is another level of this threat."

To avoid being saddled with a malicious FileZilla version, users are advised to download it only from the software's official website or from well-reputed download sites, and to avoid any unsolicited download offers.

It should go without saying that this advice is valid for any and every other software / app download.
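The one visible difference the researchers describe, the NSIS installer version, can be checked before an installer is run. The sketch below is an added example, not Avast's or FileZilla's code; it assumes the "Nullsoft Install System v…" banner is stored uncompressed in the file as ASCII or UTF-16LE, and the two sample byte strings are constructed.

```python
import re
import sys

# NSIS versions quoted on this page (Avast report, January 2014). They describe
# only the installers examined in that report.
OFFICIAL_NSIS = "2.45-Unicode"
TROJAN_NSIS = "2.46.3-Unicode"

BANNER = "Nullsoft Install System v"
VERSION = re.compile(r"[0-9][0-9A-Za-z.\-]*")


def nsis_versions(data):
    """Collect NSIS version banners stored as ASCII or UTF-16LE text."""
    found = set()
    for enc, width in (("ascii", 1), ("utf-16-le", 2)):
        needle = BANNER.encode(enc)
        pos = data.find(needle)
        while pos != -1:
            start = pos + len(needle)
            tail = data[start:start + 32 * width].decode(enc, errors="ignore")
            m = VERSION.match(tail)
            if m:
                found.add(m.group(0).rstrip(".-"))
            pos = data.find(needle, pos + 1)
    return found


def triage(data):
    versions = nsis_versions(data)
    if not versions:
        return "no-nsis-banner"            # assumption failed or not an NSIS file
    if TROJAN_NSIS in versions:
        return "matches-reported-trojan"
    if OFFICIAL_NSIS in versions:
        return "consistent-with-official"  # not proof the file is genuine
    return "unexpected-version"


# Constructed byte strings standing in for installers (not real samples).
SAMPLE_TROJAN = b"MZ\x90\x00" + (BANNER + TROJAN_NSIS).encode("utf-16-le") + b"\x00\x00pad"
SAMPLE_OFFICIAL = b"MZ\x90\x00<description>" + (BANNER + OFFICIAL_NSIS).encode("ascii") + b"</description>"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            data = fh.read()
        print(path, triage(data), sorted(nsis_versions(data)))
```

A "consistent-with-official" result only means this one indicator did not fire; the download source still decides whether the file can be trusted.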

Copyright 1998-2014 by Help Net Security.