PULSE NAME
A fake FileZilla site hosts a malicious download
WHITE PetrP.73 2026-03-03 Modified: 2026-04-02
8 IOCs, LOW VOLUME
A compromised version of the open-source FTP client FileZilla, specifically version 3.69.5, has emerged. It contains a malicious DLL that facilitates credential theft and communicates with a command-and-control (C2) server. This malicious variant is distributed through the lookalike domain http://filezilla-project.live, which hosts a tampered archive. The malware relies on DLL search order hijacking, which abuses the Windows behavior of loading DLL files from the application's own directory before checking the system path. In this case, when users execute the compromised FileZilla, the malicious DLL is loaded. From that point it runs inside what appears to be a normal FileZilla session, making detection difficult for unsuspecting users.
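Because the hijack depends on a DLL sitting in the application's own directory, one defensive check is to audit that directory against a known-good baseline. The following is an added example, not part of the pulse: the baseline hashes, the file names and the system DLL set are constructed assumptions, and the pulse does not name the malicious DLL.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def audit_app_dlls(app_dir, baseline, system_dll_names):
    """Flag DLLs in app_dir that differ from a known-good baseline.

    baseline: {lowercase file name: sha256} from a trusted install (assumption).
    system_dll_names: lowercase DLL names present in the Windows system
    directory of the audited host (assumption: collected by the caller).
    """
    findings = []
    for name in sorted(os.listdir(app_dir)):
        lower = name.lower()
        if not lower.endswith(".dll"):
            continue
        digest = sha256_file(os.path.join(app_dir, name))
        if baseline.get(lower) == digest:
            continue  # vendor file, unchanged
        findings.append({
            "file": name,
            "reason": "modified" if lower in baseline else "unexpected",
            # Same name as a system DLL: the local copy is found first.
            "shadows_system_dll": lower in system_dll_names,
            "sha256": digest,
        })
    return findings


def demo():
    """Audit a constructed install directory (all names here are made up)."""
    vendor = {"libexample.dll": b"vendor build", "libother.dll": b"vendor build 2"}
    baseline = {n: hashlib.sha256(b).hexdigest() for n, b in vendor.items()}
    on_disk = {
        "filezilla.exe": b"main binary",
        "libexample.dll": b"vendor build",         # matches baseline
        "libother.dll": b"patched bytes",          # same name, different content
        "example_system.dll": b"planted library",  # not shipped by the vendor
    }
    with tempfile.TemporaryDirectory() as app_dir:
        for name, data in on_disk.items():
            with open(os.path.join(app_dir, name), "wb") as f:
                f.write(data)
        return audit_app_dlls(app_dir, baseline, {"example_system.dll"})
```

A finding with `shadows_system_dll` set to true is the strongest candidate for a search-order hijack; a "modified" vendor DLL points to a tampered archive.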
Indicators of Compromise (1 / 8 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 9d7c559f1885ede6911611165eff07f7 | MD5 of e4c6f8ee8c946c6bd7873274e6ed9e41dec97e05890fa99c73f4309b60fd3da4 | 2026-03-03