Cybercriminals are distributing trojanized versions of the popular FileZilla FTP client through convincing fake websites mimicking the official download page, tricking users into installing malware-laden installers or archives. These malicious packages bundle legitimate FileZilla software (such as version 3.69.5 portable) with a hidden malicious DLL named version.dll, which exploits Windows DLL sideloading to load first and execute a multi-stage in-memory loader. Once activated, the payload deploys a fully functional Remote Access Trojan (RAT) capable of stealing browser credentials, logging keystrokes, capturing screenshots, and enabling remote control via hidden virtual desktop sessions. The malware evades detection by using DNS-over-HTTPS for command-and-control communication, checking for sandbox/VM environments before deploying, and avoiding disk writes during execution. Security experts urge users to download FileZilla exclusively from the official site and employ behavior-based detection tools to counter such social engineering-driven threats.
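
A defender-side check for the sideloading layout described above, as an added example that is not from the original article: it walks a directory tree and reports folders where a `version.dll` sits beside an executable, since the genuine `version.dll` is loaded from the Windows system directory. The function names, folder names and file contents in the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# DLL names to watch for beside application executables.
# Only version.dll comes from the article; extending the set is an assumption.
SIDELOAD_NAMES = {"version.dll"}


def find_sideload_candidates(root, names=SIDELOAD_NAMES):
    """Return one finding per folder that holds an .exe next to a watched DLL."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}  # Windows names are case-insensitive
        exes = sorted(f for f in files if f.lower().endswith(".exe"))
        if not exes:
            continue  # a DLL with no executable beside it cannot be sideloaded here
        for name in sorted(names):
            if name in by_lower:
                dll_path = os.path.join(dirpath, by_lower[name])
                with open(dll_path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                findings.append({
                    "dir": dirpath,
                    "dll": by_lower[name],
                    "executables": exes,
                    "sha256": digest,  # hash for triage and reputation lookup
                })
    return findings


def build_sample_tree(base):
    """Constructed sample: one clean portable folder, one with a planted DLL."""
    layout = {
        "clean": {"filezilla.exe": b"constructed exe"},
        "suspect": {"filezilla.exe": b"constructed exe",
                    "Version.DLL": b"constructed placeholder bytes"},
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(base, folder))
        for fname, data in files.items():
            with open(os.path.join(base, folder, fname), "wb") as fh:
                fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_sideload_candidates(tmp):
            print(hit["dir"], hit["dll"], hit["executables"], hit["sha256"])
```

A hit is a lead for triage, not a verdict: check the DLL's signature and hash before treating the folder as compromised.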