Let’s take an FTP based passwords stealer, or some keylogger, that uploads the details of our victims to our FTP server. How do they connect back to our FTP server?
As far as I know that for uploading any file to our FTP server we need its details (hostname, user and password). So do they keep our FTP details inside them? If yes then, if our victim know reverse engineering, can't he steal our FTP details and this will be reverse attack on attacker?
Does it work like this or am I misunderstanding something?