Beware of fake AnyDesk sites that is using new Vidar Malware

Massive malware attacks have been made by threat actors using more than 1,300 domains that impersonate the official AnyDesk site which pushes Vidar Malware to steal sensitive data from the endpoint PC. It includes browser history, IP addresses, banking information, login credentials, saved passwords, and crypto wallets. This data is sent back to the stealer to further use it for their benefit.

Anydesk is used to control other's devices remotely and perform actions. It is usually used in corporates and by regular users. Cybercriminals have already tried to exploit users using AnyDesk spoofing to distribute their malware.

What is Vidar Stealer Malware?

Vidar is a type of malware, specifically an information stealer. It is designed to steal sensitive information such as login credentials and financial data from infected computers. Vidar is typically spread through phishing emails or infected software downloads and can be difficult to detect and remove. It is important to keep your computer and software up to date, use anti-virus software, and be cautious when opening emails or clicking on links from unknown sources to protect yourself from Vidar and other types of malware.

Malicious actors created several hostnames that impersonate AnyDesk, MSI Afterburner, 7-ZIP, Blender, Dashlane, Slack, VLC, OBS, cryptocurrency trading apps, and other popular software. Largely AnyDesk. Regardless of a different name, these sites take users to a clone AnyDesk site of the same IP 185.149.120[.]9.

In this new campaign, a Zip file 'AnyDeskDownload.zip' is being distributed using these clone site that pretends to be the installer of AnyDesk. When the user allows this installer, it installs 'Vidar stealer' which is being circulated since 2018.

They created imitating sites like AnyDesk's official site, and they direct users to an intermediary webpage until the distribution of their malware usually for at least 100 seconds.

How to keep yourself safe from this campaign

- Always use the official URL of the project from the package manager of your OS or their dedicated Site.
- Always do bookmark the websites you use to download software.
- Do not click on promoted results shown on the Google search.

You will surely need a legitimate anti-virus to protect yourself from this type of campaign. Install NPAV on your systems to ensure best-in-class security against malware and ransomware attacks. Use NPAV and join us on a mission to secure the cyber world.