Malicious FileZilla Download: A Growing Trend of Trusted Software Abuse

Malicious FileZilla Download: A Growing Trend of Trusted Software Abuse

Malicious FileZilla Download: A Growing Trend of Trusted Software Abuse

A trojanized copy of the open-source FTP client FileZilla 3.69.5 is circulating online, putting users at risk of malware infection. The archive contains the legitimate FileZilla application, but with a single malicious DLL added to the folder.

How the Malware Works

The malware relies on a well-understood Windows behavior called DLL search order hijacking, where an application loads a library from its own directory before checking the Windows system folder. When someone downloads this tampered version, extracts it, and launches FileZilla, Windows loads the malicious library first.

Meanwhile, the malware can access saved FTP credentials, contact its command-and-control server, and potentially remain active on the system. The risk does not stop with the local computer, as stolen credentials could expose the web servers or hosting accounts the user connects to.

A Growing Trend of Trusted Software Abuse

The abuse of trusted open-source utilities appears to be growing. Last month, we reported on fake 7-Zip downloads turning home PCs into proxy nodes. Security researchers have also reported that a compromised Notepad++ update infrastructure delivered a custom backdoor through DLL sideloading for several months.

Now, FileZilla has been added to the list of software impersonated in this way. A lookalike domain, filezilla-project[.]live, hosts the malicious archive.

What to Do If You May Have Been Affected

Be cautious about where you download software. DLL sideloading is not new, and this campaign shows how adding a single malicious file to an otherwise legitimate archive can compromise a system.

To protect yourself, only download software from official websites, and be wary of lookalike domains or search poisoning tactics.

Conclusion

In conclusion, the malicious FileZilla download is a growing trend of trusted software abuse. It is essential to be cautious when downloading software and to only download from official websites.

By being aware of this threat and taking the necessary precautions, you can protect yourself from malware infection and keep your system safe.