Skip to content
View in the app

A better way to browse. Learn more.
Lunarsoft Forums

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Malicious versions of FileZilla are spreading

NewsBot
in Backpage News

Featured Replies

It was bad enough that FileZilla offers SourceForge installers loaded with garbage software that could easily be viewed as malicious software. Junkware such as "Hotspot Shield" are still bundled with some installers offered by Filezilla.

 

Now, avast has discovered that malicious versions of FileZilla 3.7.3 and 3.5.3 are being spread. "We have noticed an increased presence of these malware versions of famous open source FTP clients", the firm announces.

 

The fake software is idential except for one point. Any attempt to update the software through the build in update checker will fail. This is most likely to prevent the malware from being overwritten.

 

Avast uncovered a hidden "stealer" inside of the code, saying, "The algorithm is part of a malformed FileZilla.exe binary, therefore sending stolen log in details which bypasses the firewall. The whole operation is very quick and quiet. Log in details are sent to attackers from the ongoing FTP connection only once. Malware doesn’t search bookmarks or send any other files or saved connections."

 

The websites distributing these fake copies of FileZilla seem to all be registered in Russia, using a registrar that hides the client information.

 

FileZilla has placed a warning on its own website, stating "We do not condone these actions and are taking measures to get the known offenders removed. Note that we cannot in general prevent tainted versions on third-party websites or proof their authenticity, especially since the FileZilla Project promotes beneficial redistribution and modifications of FileZilla in the spirit of free open source software and the GNU General Public License."

On a personal note, if they do not condone these actions; then why are they working with SourceForge and bundling software like Hotspot Shield and other unwanted programs? Previously we posted an article by the Gluster Community about this very subject. Perhaps this occurance will help the FileZilla team to improve their own standards.


View the full article

  • Quote

    • Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Reply to this topic...
    Go to topic listing

    Recently Browsing 0

    • No registered users viewing this page.

    Account

    Navigation

    Search

    Search

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.