Evil Versions of Popular Open Source Software on the Loose
Security researchers have identified a malware-packed version of the popular FTP app FileZilla that is causing problems and prompting reminders to download open source software only from trusted sources.
Cybercrooks have put together a malicious version of popular FTP app FileZilla which works just like the real thing but surreptitiously passes login information to a hacker-controlled server.
The evil twin version has the same look and feel as the genuine programme and is clearly designed to mask its suspicious activities, such as phoning home with compromised data and changing system files.
—Trojan-laden FileZilla clone slurps data, sends it to the UNKNOWN By John Leyden, 29th January 2014
…recent news about a Trojan in a popular File Transfer Protocol (FTP) program is a potential cause for concern.
What’s important to note here, though, is the fact that it is not the official version of FileZilla that is at risk. Bogus versions of FileZilla are at risk.
Do a simple search on Google for FileZilla, and you’ll find several sites with downloads for the program. Open-source software, by definition, is freely redistributable, so having FileZilla available from multiple locations is not a surprise or anything new.
…The larger question here is whether the same type of issue could potentially exist with other open-source software. It can, and that is why it’s important that users only download software from the “right” place.
—FileZilla, Other Open-Source Software From ‘Right’ Sources Is Safe By Sean Michael Kerner