"Vidar Info-Stealing Malware Promoted by More Than 1,300 Fabricated AnyDesk Websites"
The AnyDesk website is being spoofed in a malicious campaign involving over 1,300 domains, all of which link to a Dropbox folder containing the information-stealing malware called Vidar. AnyDesk, a popular remote desktop application for Windows, Linux, and macOS, is used by millions of users for secure remote connectivity and system administration. Due to the tool's popularity, the AnyDesk brand is often used in malware distribution attempts. The current AnyDesk campaign was detected by the security researcher crep1x of SEKOIA, who provided a list of the campaign's malicious hostnames. The list of hostnames contains typosquats for popular software, including AnyDesk, MSI Afterburner, 7-Zip, Blender, Dashlane, Slack, VLC, OBS, cryptocurrency trading applications, and more. All of them link to the identical AnyDesk clone website. Most of the domains are still active, but others have been flagged and taken offline by registrars or are blocked by antivirus software. This article continues to discuss findings regarding the new AnyDesk campaign aimed at spreading the Vidar information-stealing malware.