PuTTY developed by Simon Tatham is a free and open source terminal emulator for Windows system used to remote access with Linux/Unix. It is used by system administrators, database managers and web developers.
According to Symantec Researchers, an unofficial version of the open source SSH client PuTTY has been found which may compromise the users privacy.
If the user is connected to other computers or servers through the malicious version of PuTTY, then they could have inadvertently sent sensitive login credentials to the attackers.
Data that is sent through SSH connections may be sensitive and is often considered a gold mine for a malicious actor. Attackers can ultimately use this sensitive information to get the highest level of privileges on a computer or server, (known as “root” access) which can give them complete control over the targeted system.
A Trojanized version of PuTTY is being hosted on websites from the official domain, and cyber attackers used to redirect users to their own websites.
This Trojanized PuTTY version was first spotted in the wild late 2013, in a limited number of detection
To protect yourself becoming a victim you need to check the source of your download. Make sure you download the files from the official home page from the author or publisher.