PuTTY Client Found Compiled with Trojan

A new version of the PuTTY SSH client has been spotted compiled with a Trojan. This copy works the same way as the genuine one, letting the user connect to different servers, but it also includes malware that allows cyber-criminals to grab credentials for remote servers. All information and actions performed during the SSH session are sent to the attacker.

The unofficial PuTTY version was spotted by Symantec Security Response, and the copy has been hosted and distributed on servers controlled by attackers since 2013. PuTTY executable files are usually whitelisted by most antivirus products, as the program is widely used and known to be safe.

According to Symantec the attack scenario is as follows:

  1. The victim performs a search for PuTTY on a search engine.
  2. The search engine provides multiple results for PuTTY. Instead of selecting the official home page for PuTTY, the victim unknowingly selects a compromised website.
  3. The compromised website redirects the user several times, ultimately connecting them to an IP address in the United Arab Emirates. This site provides the user with the fake version of PuTTY to download.

When you download any application, make sure to use the official version from the publisher. This ensures you have the latest version with all security updates and helps you avoid adware, fake applications and malware. Also make sure your security software is up to date with the latest definitions.
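One way to apply this check, as an added example that is not part of the original article: verify a downloaded installer against the SHA-256 checksum list the publisher posts on its official site. The file name, file contents and manifest below are constructed for the demonstration, and the manifest is assumed to be in `sha256sum` format.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path


def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex>  name' or '<64 hex> *name'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, _, name = line.partition(" ")
        if not re.fullmatch(r"[0-9a-fA-F]{64}", digest):
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries


def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, manifest_text, listed_name):
    """Return 'ok', 'mismatch', or 'unlisted' if the manifest has no such entry."""
    expected = parse_manifest(manifest_text).get(listed_name)
    if expected is None:
        return "unlisted"  # never treat a missing entry as a pass
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"


def demo():
    """Constructed sample: a 'published' build, then a modified copy of it."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d, "client-installer.exe")  # hypothetical file name
        path.write_bytes(b"constructed genuine build bytes")
        manifest = f"{sha256_file(path)}  w64/client-installer.exe\n"
        ok = verify_download(path, manifest, "w64/client-installer.exe")
        path.write_bytes(b"constructed genuine build bytes + added code")
        bad = verify_download(path, manifest, "w64/client-installer.exe")
        missing = verify_download(path, manifest, "w32/client-installer.exe")
    return ok, bad, missing
```

Fetch the checksum list from the publisher's official site rather than from the page that served the download; a list hosted alongside a fake binary proves nothing.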

This is not the first case of attackers using open source software to compile a Trojan. Last year the FTP client FileZilla was also found compiled with a Trojan.
