A new attack appears to use the same techniques and actors as “StealZilla” to alter the source code of the widely used open source Telnet/SSH client, PuTTY, and use their network of compromised web servers to serve up similar fake Putty download pages. However, the primary mode of infection relies on users to search for PuTTY and follow a link to a fake mirror rather than the legitimate PuTTY page.
Read the full analysis here – https://blogs.cisco.com/security/trojanized-putty-software