Security company Avast has noticed an increase in tainted, malware-laden versions of the FileZilla FTP client. FileZilla says the threat isn’t new, but that it is definitely one of the largest it has witnessed to date.
Avast has claimed in a recent report that it has seen increased instances of tampered builds of FileZilla FTP client versions 3.7.3 and 3.5.3 that function the way the client is supposed to, but on top of that steal users’ FTP credentials and send them to servers controlled by hackers.
The Malware Analyst Workforce at Avast claimed that the primary giveaway of a possibly tainted version of the FTP client is the URL on which the executable is hosted. The team claimed that the GUI of the malware-laden FTP client is almost identical to that of the official version and the only difference it seems “is version of NullSoft installer where malware uses 2.46.3-Unicode and the official installer uses v2.45-Unicode.”
“The installed malware FTP client looks like the official version and it is fully functional! You can’t find any suspicious behavior, entries in the system registry, communication or changes in application GUI”, Avast added.
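The installer version is the one static difference Avast names, so it can be checked before an installer is run. The following is an added example, not code from Avast or FileZilla: it assumes the NSIS stub carries a "Nullsoft Install System v…" banner (for instance in its manifest description), and the function names and sample bytes are constructed for illustration.

```python
import re
import sys

# Installer versions quoted in Avast's report (leading "v" dropped for comparison).
REPORTED_OFFICIAL = "2.45-Unicode"
REPORTED_MALICIOUS = "2.46.3-Unicode"

# Assumption: the NSIS stub embeds "Nullsoft Install System v<version>",
# e.g. in its manifest <description>; the text may be ASCII or UTF-16LE.
BANNER = re.compile(rb"Nullsoft Install System v?(\d+(?:\.\d+)*(?:-Unicode)?)")


def nsis_versions(data: bytes) -> set:
    """Return every NSIS version banner found in raw installer bytes."""
    # Dropping NUL bytes turns UTF-16LE ASCII text into plain ASCII, so one
    # pattern covers both encodings.
    flat = data.replace(b"\x00", b"")
    return {m.group(1).decode("ascii") for m in BANNER.finditer(flat)}


def classify(data: bytes) -> str:
    """Compare the banners found against the two versions in the report."""
    versions = nsis_versions(data)
    if not versions:
        return "no-nsis-banner"
    if REPORTED_MALICIOUS in versions:
        return "matches-reported-malicious"
    if versions == {REPORTED_OFFICIAL}:
        return "matches-reported-official"
    return "unexpected-version"


# Constructed samples (not real installers): a few bytes around a banner.
SAMPLE_OFFICIAL = b"MZ\x90\x00<description>Nullsoft Install System v2.45-Unicode</description>"
SAMPLE_MALICIOUS = b"MZ\x90\x00" + "Nullsoft Install System v2.46.3-Unicode".encode("utf-16-le")
SAMPLE_OTHER = b"MZ\x90\x00<description>Nullsoft Install System v3.0</description>"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to a downloaded installer given on the command line.
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], classify(fh.read()))
    else:
        for name in ("SAMPLE_OFFICIAL", "SAMPLE_MALICIOUS", "SAMPLE_OTHER"):
            print(name, classify(globals()[name]))
```

A result of `matches-reported-official` only means this one indicator is absent; a rebuilt installer could carry any banner, so the download URL that Avast calls the primary giveaway still has to be checked.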
Once installed, the application prevents users from updating the client, so that the malware-laden binaries are not overwritten.
“We found a hardcoded connection detail stealer after deeper analysis. Malware authors abuse open source code and add their own stealer function to the main code”, added Avast.
FileZilla has acknowledged the presence of such tampered clients and revealed that the threat is possibly one of the largest seen to date, but said that “this is by no means a new threat.”
FileZilla said it does not condone the actions of such malware-spreading servers and that they “are taking measures to get the known offenders removed.”
The open source project did warn that it cannot prevent such occurrences, because it promotes ‘beneficial redistribution’ and ‘modifications of FileZilla in the spirit of free open source software and the GNU General Public License.’