AnyDesk users, beware! A large phishing campaign involving more than 1300 domains impersonating AnyDesk is delivering the Vidar information stealer. To avoid such threats, users should download AnyDesk, and any other software, only from the vendor's official website.
Vidar Information Stealer Pushed by AnyDesk Phishing campaign
A threat analyst and security researcher at SEKOIA.IO has shared information about a phishing attack on AnyDesk.
To trick victims, the hackers behind this campaign have registered over 1300 domains. These domains redirect visitors to a site that looks identical to AnyDesk's, from which the threat actors attempt to deliver the Vidar information stealer.
Vidar, a powerful data-stealing trojan, made its way to the top of 2018's news. It typically reaches target devices through malvertising, then quietly installs itself on the device to steal sensitive data.
Vidar was involved in many spam campaigns targeting victims around the world.
Crep1x claims to have discovered over 1300 domains posing as AnyDesk installer sites and delivering Vidar. The malware was uploaded to a Dropbox link, to which every one of the domains redirects. All of the domains resolve to the same IP address.
More than 1300 domains host a website that imitates the official AnyDesk site.
Each webpage redirects the user to the Dropbox link. Download stealer from botnet 586
Domains all resolve to the IP address of 185.149.120[.]9
This is a very interesting campaign!
Crep1x (@crep1x
The attackers also used typosquatted names of other software, such as Slack and TeamViewer, to disguise their domains. However, all of the domains point back to the exact same website impersonating AnyDesk.
Domain names are typosquatted using various software, such as 7zip, AnyDesk, Slack, TeamViewer and VideoLAN. However, all domains show the AnyDesk website.
It seems that the threat actor may reuse domains from other campaigns. We don’t know how these websites are distributed.
Domains
Crep1x (@crep1x
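The pattern described above, look-alike domains for several brands that all resolve to one IP address, is something a defender can hunt for directly. The following Python example is added here and is not part of the article or of the researcher's tooling. It scores the registrable label of each domain against a list of brand names by edit distance (or substring containment, for names such as "anydesk-download"), skips an allowlist of legitimate domains, and clusters the hits by resolved IP so that one confirmed address can be pivoted to the whole set of related domains. The brand list follows the article; the domain-to-IP map, the allowlist, the distance threshold and the documentation-range IP addresses are constructed sample data.

```python
"""Flag look-alike domains for known brands and cluster them by resolved IP (added example)."""
from collections import defaultdict

# Brand labels the article says were typosquatted.
BRANDS = ["anydesk", "slack", "teamviewer", "7zip", "videolan"]

# Hypothetical allowlist of legitimate domains that must never be flagged.
ALLOWLIST = {"anydesk.com", "slack.com", "teamviewer.com", "7-zip.org", "videolan.org"}

# Constructed sample of passive-DNS style observations: domain -> resolved IPv4.
# Addresses come from documentation ranges; they are not the campaign's infrastructure.
SAMPLE_RESOLUTIONS = {
    "anydesk.com": "203.0.113.10",
    "anydesck.top": "198.51.100.9",
    "anydesk-download.xyz": "198.51.100.9",
    "slaack.app": "198.51.100.9",
    "teamvlewer.net": "198.51.100.9",
    "example.org": "203.0.113.20",
    "7-zip.org": "203.0.113.30",
}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), single-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_label(domain: str) -> str:
    """Return the label left of the TLD, e.g. 'anydesk-download' for 'anydesk-download.xyz'."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def typosquat_match(domain: str, brands=BRANDS, max_distance: int = 2):
    """Return (brand, distance) for the closest brand within max_distance, else None."""
    label = brand_label(domain).replace("-", "")
    best = None
    for brand in brands:
        # A brand embedded in a longer label ("anydeskdownload") counts as an exact hit.
        dist = 0 if brand in label else levenshtein(label, brand)
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (brand, dist)
    return best


def cluster_by_ip(resolutions: dict) -> dict:
    """Group observed domains by the IP they resolve to."""
    groups = defaultdict(list)
    for domain, ip in resolutions.items():
        groups[ip].append(domain)
    return {ip: sorted(domains) for ip, domains in groups.items()}


def related_domains(resolutions: dict, ip: str) -> list:
    """Pivot from one confirmed IP to every domain sharing it."""
    return cluster_by_ip(resolutions).get(ip, [])


def find_suspicious(resolutions: dict, allowlist=ALLOWLIST, brands=BRANDS) -> list:
    """Return findings for non-allowlisted domains that look like a brand, with IP cluster size."""
    by_ip = cluster_by_ip(resolutions)
    findings = []
    for domain, ip in sorted(resolutions.items()):
        if domain in allowlist:
            continue
        match = typosquat_match(domain, brands)
        if match is None:
            continue
        brand, dist = match
        findings.append({"domain": domain, "brand": brand, "distance": dist,
                         "ip": ip, "cluster_size": len(by_ip[ip])})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_RESOLUTIONS):
        print(f"{f['domain']:<24} looks like {f['brand']:<11} (d={f['distance']}) "
              f"-> {f['ip']} shared by {f['cluster_size']} domains")
```

Two design points matter in practice. First, the allowlist is what keeps "7-zip.org" out of the findings even though its label matches the brand exactly; without it, a brand-similarity check flags the vendor itself. Second, a distance threshold of 2 is generous for short brand names (a five-letter name is within two edits of many ordinary words), so in a real pipeline the similarity score is a pivot to confirm against passive DNS or certificate-transparency data, not a verdict on its own; the IP cluster size is the stronger signal, since the article's 1300 domains shared a single address.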
The researcher shared some of the responses he received on Twitter, indicating that the malicious domains are registered through NameCheap. NameCheap was alerted and replied that it would "take care" of the situation, while the domains hosted on DigitalOcean are still in the process of being taken down.
This isn't the only phishing campaign abusing AnyDesk. In October 2022 it was reported that a malware campaign was also using AnyDesk to spread the Mitsu malware.