same threat group hit filezilla last month. they're specifically targeting utilities that tech-savvy users trust and download from official sources. the attack surface is the the api layer that generates download links, not the binary itself