A recent phishing campaign utilizing AnyDesk, a popular remote desktop application, has been discovered by Malwarebytes researchers, raising concerns about potential threats to corporate networks. The attackers personalized emails and SMS messages to target employees, directing them to newly registered websites mimicking financial institutions. Instead of directly phishing for information, the attackers aimed to trick victims into downloading an outdated AnyDesk executable, disguised as a “live chat application.” Upon running the program, victims would see a code, allowing attackers to potentially gain control over the victim’s machine and perform actions that appear legitimate.
Using remote monitoring and management (RMM) software in phishing campaigns is not a new tactic, but it remains effective, especially against corporate targets. Such attacks often go undetected by banking sites, making it crucial for organizations to be vigilant. The popularity of RMMs like AnyDesk within organizations makes them an attractive target for cybercriminals seeking unauthorized access to networks and sensitive data. The risks of legitimate tools being misused, coupled with the recent data breach suffered by AnyDesk, highlight the need for organizations to update their software inventory, consider removing unnecessary tools, restrict potentially exploitable tools, recognize unusual activity, and maintain regular patching and updates to strengthen their cybersecurity defenses.
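The inventory, restriction and patching advice above can be turned into a check over process-start telemetry. The following is an added example, not code from the article or from Malwarebytes: it flags any binary whose PE product metadata says AnyDesk but which runs on an unapproved host, outside the approved install directory, under a different file name, or below an approved version. The event field names, hosts, paths and the version baseline are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Policy values: constructed for this example, replace with your own inventory.
APPROVED_HOSTS = {"HELPDESK-01"}                  # hosts allowed to run AnyDesk
APPROVED_DIRS = (PureWindowsPath(r"C:\Program Files (x86)\AnyDesk"),)
MIN_VERSION = (8, 0, 0)                           # assumed baseline, not a vendor figure

SAMPLE_EVENTS = [  # constructed process-start records (hypothetical field names)
    {"host": "HELPDESK-01", "image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
     "product": "AnyDesk", "file_version": "8.0.0"},
    {"host": "FIN-LT-22", "image": r"C:\Users\jdoe\Downloads\LiveChat.exe",
     "product": "AnyDesk", "file_version": "7.0.0"},
    {"host": "FIN-LT-22", "image": r"C:\Windows\System32\notepad.exe",
     "product": "Microsoft Windows Operating System", "file_version": "10.0.1"},
]

def parse_version(text):
    """Turn '7.0.14' into (7, 0, 14); missing or odd versions sort lowest."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return (0,)

def review_event(ev):
    """Return the policy findings for one process-start event (empty if clean)."""
    if "anydesk" not in (ev.get("product") or "").lower():
        return []                                 # not AnyDesk according to PE metadata
    findings = []
    image = PureWindowsPath(ev["image"])          # Windows paths compare case-insensitively
    if ev["host"] not in APPROVED_HOSTS:
        findings.append("host not approved for AnyDesk")
    if image.parent not in APPROVED_DIRS:
        findings.append("running outside approved install directory")
    if image.stem.lower() != "anydesk":
        findings.append("file name does not match product metadata")
    if parse_version(ev.get("file_version")) < MIN_VERSION:
        findings.append("version older than approved baseline")
    return findings

def triage(events):
    """Return (host, image, findings) for every event with at least one finding."""
    return [(ev["host"], ev["image"], f) for ev in events if (f := review_event(ev))]

if __name__ == "__main__":
    for host, image, findings in triage(SAMPLE_EVENTS):
        print(host, image, "; ".join(findings))
```

Matching on product metadata rather than file name is what lets the check catch a copy presented under another name; it still depends on the telemetry source recording that metadata.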