Latest Version Of SSH Client PuTTY Steals Users Credentials

PuTTY  developed by Simon Tatham is a free and open source terminal emulator for Windows system used to remote access with Linux/Unix. It is used by system administrators, database managers and web developers.

According to Symantec Researchers, an unofficial version of the open source SSH client PuTTY has been found which may compromise the users privacy.

If the user is connected to other computers or servers through the malicious version of PuTTY, then they could have inadvertently sent sensitive login credentials to the attackers.

Data that is sent through SSH connections may be sensitive and is often considered a gold mine for a malicious actor. Attackers can ultimately use this sensitive information to get the highest level of privileges on a computer or server, (known as “root” access) which can give them complete control over the targeted system.

A Trojanized version of PuTTY is being hosted on websites  from the official domain, and cyber attackers used to redirect users to their own websites.

This Trojanized PuTTY version was first spotted in the wild late 2013, in a limited number of detection

To protect yourself becoming a victim you need to check the source of your download. Make sure you download the files from the official home page from the author or publisher.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Microsoft Fixed 100+ Vulnerabilities With October Patch Tuesday

1 comment

Emerson August 13, 2015 - 7:57 am
you should provided the official website and download link here...

Comments are closed.

Add Comment