Fully functional trojanized FileZilla client steals FTP logins
Posted on 28.01.2014
Trojanized versions of the hugely popular FileZilla FTP client are being offered to unsuspecting users via hacked websites with fake content.

"Malware installer GUI is almost identical to the official version. The only slight difference is version of NullSoft installer where malware uses 2.46.3-Unicode and the official installer uses v2.45-Unicode. All other elements like texts, buttons, icons and images are the same," Avast researchers warn.

"The installed malware FTP client looks like the official version and it is fully functional! You canít find any suspicious behavior, entries in the system registry, communication or changes in application GUI."



The malware records, encodes and sends FTP login credentials to the criminals' server hosted in Germany, the domains on which are registered with Naunet.ru, a Russian domain registrar known for malware and spam activity.

It's interesting to note that one of the malicious versions has been compiled way back in September 2012, and is still detected by just a couple of commercial AV solutions. Another one dates back to September 2013, and is also poorly detected.

"We assume that the stolen FTP accounts are further abused for upload and spread of malware. Attackers also can download whole webpage source code containing database log in, payment system, customer private information etc," the researchers pointed out. "Connection via infected FTP client to your home or corporate network is another level of this threat."

To avoid being saddled with a malicious FileZilla version, users are advised to download it only from the software's official website or from well-reputed download sites, and to avoid any unsolicited download offers.

It should go without saying that this advice is valid for any and every other software / app download.









Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //