PuTTY Client Found Compiled with Trojan

A new version of the PuTTY SSH client has been spotted compiled with a Trojan. This copy runs the same way as the usual one, allowing users to connect to different servers, but it also includes malware that allows cyber-criminals to grab credentials for remote servers. All information and actions performed during the SSH session are sent to the attacker.

The unofficial PuTTY version was spotted by Symantec Security Response, and the copy has been hosted and distributed on servers controlled by attackers since 2013. PuTTY executable files are usually whitelisted by most antivirus products, as this program is widely used and known to be safe.

According to Symantec the attack scenario is as follows:

The victim performs a search for PuTTY on a search engine.
The search engine provides multiple results for PuTTY. Instead of selecting the official home page for PuTTY, the victim unknowingly selects a compromised website.
The compromised website redirects the user several times, ultimately connecting them to an IP address in the United Arab Emirates. This site provides the user with the fake version of PuTTY to download.

Source: SecTechno
