If you use Filezilla for transporting files via FTP, there seems to be a problem with the latest version, Filezilla 18.104.22.168. If you don’t use Filezilla and/or have no idea what it is, feel free to skip this post.
Apparently, this was a false positive. As of today, the Filezilla 22.214.171.124 update EXE tests clean on VirusTotal. Malwarebytes no longer flags it.
Filezilla 126.96.36.199 Update
I’m a regular user of Filezilla and it’s not unusual for there to be an announcement when it starts up that there is a new version ready to be installed. I got a notification last night when I started Filezilla and, as usual, told it to go ahead and install the update.
This morning when I got on my computer, there was a notification from Malwarebytes, my preferred malware scanning software, that Filezilla was corrupted with a trojan called PUP.Optional.Unizeto. I did a bit of research and it seems that the named trojan is pretty nasty.
There is always the possibility of a false positive from malware scanners, so I uploaded the Filezilla update file to a website called VirusTotal (https://www.virustotal.com/). VirusTotal scans uploaded files with 56 different anti-virus programs. Since no anti-virus program is perfect, the theory is that the more programs are used to scan, the better the potential results.
Of the 56 programs used by VirusTotal, only one returned a positive for malware, that one being Malwarebytes. So, one of two things is going on here: either it’s a false positive that only Malwarebytes is alerting to, or it’s getting by 55 other programs and Malwarebytes is the only one identifying the problem.
Erring On The Side of Caution
While the latter scenario is unlikely, it’s still possible. I chose to uninstall Filezilla and download it again from Sourceforge.net.
By the way, it’s important to download Filezilla from Sourceforge.net to be as sure as possible that you have a clean version. Filezilla is one of many freeware applications that can be downloaded from a zillion different freeware sites and it’s not unusual for the software on some of these sites to be infected with malware.
Interestingly, the Filezilla version downloaded from Sourceforge.net is 188.8.131.52. The update is version 184.108.40.206. I installed Filezilla 220.127.116.11 to be on the safe side.
When I started up Filezilla I got the same notification of a new version available and found version 18.104.22.168 in my Downloads directory waiting to be installed. Naturally, I am not going to install the update until I’m sure there is no issue with it. I suggest you pass on the update for now, as well.
If you have already updated Filezilla, I recommend uninstalling and going back to version 22.214.171.124 from Sourceforge.net until the update has been proven clean. Of course, ignore the update notification if the offered update is to version 126.96.36.199. I will be waiting for the next version and will be sure to check the file with VirusTotal before installing it the next time!