Variants of the well-known file transfer (FTP) program FileZilla that have been modified to steal data are circulating on third-party sites, Mozilla said Tuesday.
FileZilla is a free program, and hackers have been modifying its source code to grab information for over a decade. However, this campaign, operated through third-party websites, is among the most significant FileZilla has witnessed thus far.
“We do not condone these actions and are taking measures to get the known offenders removed,” FileZilla stated.
Antivirus vendor Avast discovered that the modified versions are almost identical to the genuine program. The icons, buttons and images are exactly the same, and the malware version of the “.exe” file is a bit smaller than the real one, Avast blogged. You can see how similar the executables look in the picture below.
Within the fake FileZilla variants, Avast discovered code that captures the login credentials for the hosts users connect to. The username, password, FTP server and port are encoded with a custom base64 algorithm and sent to the attacker’s server, as outlined by Avast.
“The whole operation is very quick and quiet,” Avast wrote.
The compromised information is delivered to a server in Germany. The IP address of that server also hosts three additional domains registered through Naunet.ru, which Avast stated “is associated with malware and spam activities.”