

Your use of the packages on this site means you understand they are not supported or guaranteed in any way. With any edition of Chocolatey (including the free open source edition), you can host your own packages and cache or internalize existing community packages. Packages offered here are subject to distribution rights, which means they may need to reach out further to the internet to the official locations to download files at runtime.įortunately, distribution rights do not apply for internal use. If you are an organization using Chocolatey, we want your experience to be fully reliable.ĭue to the nature of this publicly offered repository, reliability cannot be guaranteed. Human moderators who give final review and sign off.Security, consistency, and quality checking.ModerationĮvery version of each package undergoes a rigorous moderation process before it goes live that typically includes: It is highly recommended that you only install FileZilla directly from the project’s own site or from SourceForge, where it is also hosted.Welcome to the Chocolatey Community Package Repository! The packages found in this section of the site are provided, maintained, and moderated by the community. The site gives instructions for checking the version you have installed. Note that we cannot in general prevent tainted versions on third-party websites or proof their authenticity, especially since the FileZilla Project promotes beneficial redistribution and modifications of FileZilla in the spirit of free open source software and the GNU General Public License". The websites distributing these fake copies of FileZilla seem to all be registered in Russia, using a registrar that hides the client information.įileZilla has placed a warning on its own website, stating "We do not condone these actions and are taking measures to get the known offenders removed. Malware doesn’t search bookmarks or send any other files or saved connections", Avast concludes. Log in details are sent to attackers from the ongoing FTP connection only once. The whole operation is very quick and quiet.


"The algorithm is part of a malformed FileZilla.exe binary, therefore sending stolen log in details which bypasses the firewall.

After deep analysis, the researchers found code hidden within the real open source code designed to add a stealer to the app.
