Over 1,300 Domains Used to Deliver Notorious Information Stealer Malware
The official AnyDesk website is being impersonated by more than 1,300 domains, all of which link to a Dropbox folder that delivers the Vidar information-stealing malware.
AnyDesk is a remote desktop application that offers file transfer, remote access to other computers, and other features.
Cyble reported in October 2022 that the operators of Mitsu Stealer were pushing their new malware through an AnyDesk phishing site.
The current AnyDesk campaign was discovered by SEKOIA threat analyst crep1x, who tweeted a warning and provided the full list of the campaign's malicious hostnames. All of these hostnames resolve to the same IP address, 185.149.120[.]9.
The list of hostnames includes typosquats for AnyDesk, MSI Afterburner, 7-ZIP, Blender, Dashlane, Slack, VLC, OBS, cryptocurrency trading apps, and other popular software.
Reports state that most of the domains are still active; however, some have been reported and taken offline by registrars or are blocked by antivirus software.
The threat actor can also easily sidestep a Dropbox takedown by changing the download URL to another site. However, because every element of this campaign points to the same IP address, blocking that single address disrupts all of it.
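The two observations above, that every hostname resolves to one IP address and that the hostnames are typosquats of well-known brands, are exactly what a defender would pivot on when triaging their own DNS or proxy logs. The following Python is an added example, not code from the article, from SEKOIA, or from crep1x: it takes a constructed table of hostname-to-IP resolutions (the hostnames are made up and use the reserved .example TLD; only the pivot IP 185.149.120[.]9 comes from the report), flags every hostname that resolves to the pivot address, and scores each one against a list of impersonated brand names using a substring check and Levenshtein distance. The brand list, the distance thresholds, and the sample resolutions are assumptions for illustration.

```python
"""Added example: pivot on a shared IP and flag typosquatted hostnames.

Not code from the article or the researchers it cites. Hostnames below are
constructed (.example TLD); the pivot IP is the one the report names.
"""
import re

# Brands named in the report as impersonated, normalised to lowercase
# alphanumerics so they can be compared against a hostname label.
BRANDS = ["anydesk", "msiafterburner", "7zip", "blender",
          "dashlane", "slack", "vlc", "obs"]

# IP address reported for the campaign (defanged form is accepted).
CAMPAIGN_IP = "185.149.120[.]9"

# Constructed sample of hostname -> resolved IP, as one might export from
# passive DNS or a resolver log. None of these hostnames is real.
SAMPLE_RESOLUTIONS = {
    "anydesk-download.example": "185.149.120.9",
    "anydeks.example":          "185.149.120.9",
    "7-zip-installer.example":  "185.149.120.9",
    "blender3d-get.example":    "185.149.120.9",
    "unrelated-shop.example":   "203.0.113.7",
    "legit-vendor.example":     "198.51.100.20",
}


def refang(value: str) -> str:
    """Turn a defanged indicator such as 185.149.120[.]9 into a plain string."""
    return value.replace("[.]", ".").strip().lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,        # deletion
                           cur[j - 1] + 1,     # insertion
                           prev[j - 1] + cost))  # substitution
        prev = cur
    return prev[-1]


def registrable_label(hostname: str) -> str:
    """Return the label left of the TLD, stripped to lowercase alphanumerics.

    Assumption: a single-label public suffix. A real deployment should use a
    public-suffix list so that e.g. example.co.uk is handled correctly.
    """
    parts = refang(hostname).strip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return re.sub(r"[^a-z0-9]", "", label)


def typosquat_brands(hostname: str, brands=BRANDS) -> list:
    """List the brands a hostname appears to impersonate.

    A brand matches if it appears verbatim inside the label (covers
    'anydesk-download') or if the whole label is within a small edit distance
    of it (covers 'anydeks'). Short brands such as vlc or obs will produce
    substring false positives and deserve manual review.
    """
    label = registrable_label(hostname)
    hits = []
    for brand in brands:
        if brand in label:
            hits.append(brand)
            continue
        threshold = 2 if len(brand) >= 6 else 1   # assumption: tuned by hand
        if levenshtein(label, brand) <= threshold:
            hits.append(brand)
    return hits


def find_campaign_domains(resolutions: dict, pivot_ip: str, brands=BRANDS) -> list:
    """Return (hostname, [brands]) for every hostname resolving to pivot_ip."""
    target = refang(pivot_ip)
    return [(host, typosquat_brands(host, brands))
            for host, ip in resolutions.items()
            if refang(ip) == target]


if __name__ == "__main__":
    for host, brands_hit in find_campaign_domains(SAMPLE_RESOLUTIONS, CAMPAIGN_IP):
        print(f"{host:28} -> impersonates {brands_hit or 'unknown'}")
```

In practice the resolution table would come from passive DNS or the organisation's own resolver logs rather than a hard-coded dictionary, and the IP pivot is the cheaper and more reliable of the two checks: the typosquat scoring only adds context for the analyst, and the thresholds above will need tuning against a real brand list.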
Vidar Data-Stealing Malware
Researchers say the sites were distributing a ZIP file named "AnyDeskDownload.zip" [VirusTotal] that claimed to be an AnyDesk installer.
Instead, the Vidar stealer, malware that has been around since 2018, is installed in place of the remote access software.
Once running, the malware steals the victims' browsing history, login credentials, saved passwords, cryptocurrency wallet data, banking information, and other personal data.
After being sent back to the attackers, this data can be used for various malicious purposes or sold to other threat actors.
The latest Vidar campaign delivered the malware payload through the Dropbox file-hosting service, which is trusted by AV tools, rather than hiding it behind redirections to evade detection and takedowns.
Hence, users should avoid clicking on sponsored ads in Google Search, bookmark the sites they visit to download software, and get the official URL of a software project from its Wikipedia page, its documentation, or their OS's package manager.
Source credit : cybersecuritynews.com