Using outdated software like the 0.9.60 beta is highly discouraged. Modern versions (1.x and above) have moved to a completely different architecture with significantly better security protocols. FileZilla Server version 0.9.60 beta - GitHub
: Flaws in request parsing allow attackers to inject malicious payloads into memory.
The vulnerability was responsibly disclosed by a security researcher, and the FileZilla team has likely patched or will patch the vulnerability in a future update. filezilla server 0960 beta exploit github link
The most effective defense is to upgrade to the latest version of FileZilla Server, which features updated security protocols and architecture.
The attackers had deployed an outdated FileZilla Server instance as a distribution node, hosting multiple encrypted payload files ( 001.ENC , 002.ENC , etc.). When victims connected and downloaded the payload, the malware decrypted and executed the RedLine information stealer, which harvested credentials, browser data, and cryptocurrency wallets. Using outdated software like the 0
Let me know how you'd like to . Share public link
: Another repository containing the 0.9.60 beta binaries and release notes. Recommendation: Upgrade to Version 1.x The vulnerability was responsibly disclosed by a security
Interestingly, the connection between FileZilla and GitHub goes both ways. In 2024, a sophisticated threat actor named "GitCaught" exploited both platforms. While FileZilla Server was used for malware management and delivery, the attackers used GitHub repositories to host fake software (like 1Password and Pixelmator Pro) to lure victims. This highlights that searching for "FileZilla server exploit GitHub" might also lead to designed to trap security researchers, emphasizing the need to only download code from verified sources like the official Metasploit repo.