Hundreds of fake AnyDesk sites push Vidar info-stealing malware

By Krishna Rao On Jan 12, 2023

How is eBPF Revolutionizing Kubernetes Scaling

Jan 20, 2024

Seamless CI/CD Integration: The Role of Monitoring as Code

Dec 11, 2023

A major impersonation campaign is aiming to distribute the Vidar infostealer to as many endpoints as possible.

Cybersecurity researcher from SEKOIA, going under the name crep1x, discovered the campaign and rang the alarm on Twitter. In a short Twitter threat, the researcher said he discovered more than 1,300 domains, all of which impersonate major software brands to push the malware (opens in new tab).

The brands impersonated in this campaign include AnyDesk, MSI Afterburner, 7-ZIP, Blender, Dashlane, Slack, VLC, OBS, and cryptocurrency trading apps, to name a few. All of these impersonated brands lead to the same website, a clone of AnyDesk.

Stealing passwords and cryptocurrency

For the uninitiated, AnyDesk is a remote desktop application that gives users remote access to personal computers and allows them to transfer files and be used as a VPN.

Victims that navigate to these sites and try to download the application would be redirected to a Dropbox folder hosting the Vidar infostealer. A variant of the Arkei infostealer, Vidar is capable of stealing credit cards, login credentials, files, and grab screenshots. It is also capable of stealing cryptocurrencies, such as bitcoin or ether, from the victim’s hot wallets (software wallets).

According to BleepingComputer, which reported on crep1x’s findings earlier this week, the campaign is still active and many of the typosquatted domains are still active. Some have been shut down in the meantime. Dropbox was also notified of its services being abused to distribute malware and has killed the link in the meantime.

However, given that all of the malicious sites point to the same place, the threat actors can persist easily by simply updating the download URL.

The best way to protect against such attacks is to be extra careful when downloading software and making sure the apps are only obtained from verified sources. That being said, navigating to the AnyDesk website (as opposed to clicking a supposed AnyDesk link in an email or a social media post) is a good place to start.

Via: BleepingComputer (opens in new tab)

Read original article here

Denial of responsibility! TechnoCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.