Monday, April 8, 2019
Home / Malware / Mozilla warns of Modified Filezilla Clients

Mozilla warns of Modified Filezilla Clients

Modified  variants of the well-known file transfer program (FTP) FileZilla  to steal data are circulating on third-party sites, Mozilla said Tuesday.

FileZilla is an free program, and hackers modified its source code to be able to grab info for over a decade. However this campaign, operated with third-party websites, is among the most significant FileZilla has witnessed thus far.

“We do not condone these actions and are taking measures to get the known offenders removed,” FileZilla stated.

The antivirus solution, Avast discovered that the revised versions are almost identical to the genuine program. The icons, buttons and images are exactly the same, and the malware version of the “.exe” file is a bit smaller compared to real one, Avast blogged.  You can view how similar the executable look in the picture below.


Within the fake FileZilla variants, Avast discovered code which takes login credentials for hosts users are accessing. The username, password, FTP server and port are secured with a custom base64 algorithm and delivered to the attacker’s server, as outlined by Avast.

“The whole operation is very quick and quiet,” Avast wrote.

The compromised information is delivered to a server in Germany. The  IP address of that server also hosts three additional domains registered through, which Avast stated “is associated with malware and spam activities.”

FileZilla recommended its application be downloaded only from its website or SourceForge

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Exploit Kit activity on a steep decline since April

As malware writers are moving to Neutrino and RIG exploit kits (EK) for dispersal needs, security experts …