If you were thinking of snagging FileZilla, the free, open source FTP manager, you better do so from the program’s official website. Otherwise, you might be laying out a welcome mat for cybercriminals to steal your data.
A blog post on FileZilla’s official site notes that altered versions of the program are popping up on third party site, laced with malware designed to swipe data from you. Though the post notes that threats like these aren’t exactly new, this new instance of blighted FileZilla programs is the “largest to date.”
“We do not condone these actions and are taking measures to get the known offenders removed,” writes FileZilla on its website. “Note that we cannot in general prevent tainted versions on third-party websites or proof their authenticity, especially since the FileZilla Project promotes beneficial redistribution and modifications of FileZilla in the spirit of free open source software and the GNU General Public License.”
Security firm Avast noted in a blog post of its own that the data-stealing version of FileZilla is “fully functional,” while also stating that its very difficult to tell the difference between legitimate and malicious versions of the program just with the naked eye alone. To help users who might be infected, FileZilla includes on its site instructions on how to check whether the version you’re running is less than pure by looking up the SHA-512 hash to make sure it matches the official version.
Of course, an easier and quicker way to deal with the problem is to simply go to filezilla-project.org and download the program directly from its creators, while also wiping your current install immediately.
What do you think? Sound off in the comments below.
(Image via Benoit Daoust/Shutterstock)