Experts warn users to download the FileZilla FTP client only from trusted websites since cybercriminals are distributing fake versions in an effort to steal FTP credentials.According to Avast researchers, the malicious versions are mostly hosted on hacked websites. Unfortunately, there’s not much to indicate that the application has been tampered with, other than some file sizes and a couple of extra DLL files.
The fake FileZilla works perfectly, except for the fact that it can’t be updated, most likely in an effort to prevent users from overwriting the malicious files. Once it’s installed on a computer, the rogue app steals the user’s FTP credentials and uploads them to a remote server.
Cybercriminals can abuse FTP usernames and passwords in various ways. They can use the hijacked FTP servers to host malware, or they can steal valuable data stored on them.
Additional technical details on this attack are available on Avast’s blog.