Fake AnyDesk sites, real Vidar stealer


AnyDesk remote access software is known to be frequently abused by attackers for malicious purposes. The popular brand has now also been impersonated to lend credibility to phishing attempts. A malicious campaign was spotted at the beginning of January by an analyst from the French cybersecurity company Sekoia and reported by BleepingComputer.

According to this analyst, more than 1,300 domain names host a page spoofing the official AnyDesk site; the page actually links to a download of the Vidar stealer hosted on a Dropbox account. If you want to install AnyDesk, it is better to download it directly from its official page or from your device's application store.

Typosquatting

As the analyst noted, the domain names involved in the phishing campaign don't just impersonate or imitate the AnyDesk brand. This is typosquatting: trying to deceive the Internet user with a URL that is close to the legitimate address. The names of other software and platforms, such as 7zip, Slack, TeamViewer and VideoLan, are also abused. However, all these addresses lead to a single fake page imitating AnyDesk's.
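A defender can screen DNS or proxy logs for lookalike names of the brands listed above. The following is an added example, not code from Sekoia or the article; the official-domain allowlist, the distance thresholds and the sample domains are assumptions constructed for illustration.

```python
import re

# Brands named in the article, each mapped to its official domain.
# Assumption: the defender maintains this allowlist; it is not from the article.
BRANDS = {
    "anydesk": "anydesk.com",
    "7zip": "7-zip.org",
    "slack": "slack.com",
    "teamviewer": "teamviewer.com",
    "videolan": "videolan.org",
}

def edit_distance(a, b):
    """Levenshtein distance that also counts an adjacent swap as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(domain):
    """Return (brand, reason) for a suspected lookalike, or None."""
    domain = domain.lower().rstrip(".")
    for official in BRANDS.values():
        if domain == official or domain.endswith("." + official):
            return None  # the real site or one of its subdomains
    for label in domain.split(".")[:-1]:  # every label except the TLD
        token = re.sub(r"[^a-z0-9]", "", label)  # "7-zip" -> "7zip"
        for brand in BRANDS:
            if brand in token:
                return brand, "contains-brand"
            limit = 1 if len(brand) < 8 else 2  # assumed thresholds
            if edit_distance(token, brand) <= limit:
                return brand, "edit-distance"
    return None

# Constructed sample input (reserved .example TLD), not indicators from the campaign.
SAMPLES = ["anydesk.com", "anydeesk.example", "teamviewr.example",
           "slakc.example", "anydesk-download.example", "news.example"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:28} {classify(name)}")
```

Short brand names such as "slack" sit one edit away from ordinary words, so treat hits as leads for review rather than as verdicts.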

According to Cyble, Vidar is spyware that targets Windows environments. First seen in 2018, this stealthy malware collects banking and cryptocurrency information, browsing history and user passwords. Available on demand to cybercriminals, the malware is customizable. It was notably used to spread the GandCrab ransomware.




