Security News AnyDesk: Be careful in using that remote support software

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,585
A short warning to IT supporters who use the AnyDesk remote maintenance software for remote support. A few days ago, I reported some issues with this product (see my German blog post Störung bei AnyDesk, jemand betroffen?). The AnyDesk website has been under maintenance since January 30, 2024. Now vague information is trickling in that there has been a cyber incident – although there is an information lock, so I can't get any details.

The information I have so far is that there is a problem with AnyDesk. A cyber incident has occurred – but no details are available from my sources. There is a recommendation from one source (which is currently rather nebulous) to look very carefully where AnyDesk is used (never in critical infrastructure environments).

Combining numerous vague fragments of information I got from several sources – and some concrete observations from the readership – I have an idea of what might have happened. The official change log of AnyDesk client version 8.0.8, dated January 29, 2024, says "Exchanged code signing certificate. The previous certificate will be invalidated soon. Please update." I also know that there is a confidential warning from the German cyber security watch guard (BSI) – but I was not able to get the details.

As a precautionary measure, I would not use AnyDesk anymore until the details have been clarified, and I would keep a very close eye on systems in which the product was used in January 2024 (and scan them for malware if necessary). I hope I can report a few more details within the next days.
 

Gandalf_The_Grey

Update:
My fears have been confirmed. The days-long "maintenance" of the AnyDesk websites is the result of a cyber attack. AnyDesk's production systems have been hacked. All AnyDesk software must be considered compromised. After the German CERT (BSI) sent out a confidential warning to users of critical infrastructures, I have finally received the incident report from AnyDesk. Below I have put together all the information I now have in one article.
 

Gandalf_The_Grey

Another update:
In my blog post AnyDesk confirmed, they have been hacked in January 2024, Production systems affected – Part 1 I compiled the information officially published by AnyDesk and a brief history. However, I've been working on this topic for a few days now and in the meantime I've received a few tidbits of information that have led to further insights, questions and speculation. Below is a compilation of these points.
 

Gandalf_The_Grey

Günter Born posted a lot of updates on this AnyDesk hack:
AnyDesk hack – more details (FAQ from Feb. 5, 2024) – Part 8
 

Gandalf_The_Grey

I am using the free version, but a few months ago I uninstalled it and use it as a portable app. Didn't create an account or anything. Am I still affected?
That is a very good question, I have the same one.
Probably, but there is still a lot unknown about this attack, so I'm not sure...
 

Gandalf_The_Grey

AnyDesk hack: Revoke chaos with old certificates? – Part 11
Now that it is clear that the provider of remote maintenance software, AnyDesk, was the victim of a hack of its production environment in December 2023, a certificate change for the digital signing of AnyDesk clients is pending. According to my current observations, it is heading towards a "revoke chaos" – from Feb. 14, 2024, the old certificate of "philandro Software GmbH" will be invalid. Clients newly signed with this old certificate should then no longer be able to run. By the way, have you noticed that the phrase "the hack took place at the end of December 2023" has also been canceled and is now referred to as "December 2023"?
 

Gandalf_The_Grey

AnyDesk hack: Newly signed clients available; what are your experiences? – Part 12
At the beginning of February 2024, it became known that the provider of remote maintenance software, AnyDesk, was the victim of a hack of its production environment. I pointed out early on that the hack had already taken place in December 2023. As a result, a certificate change for the digital signing of AnyDesk clients is pending; an old certificate from "philandro Software GmbH" has been recalled and is now invalid. Newly signed clients should be available from February 12 or 13, 2024.
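
Added example, not part of the original posts or of AnyDesk's own tooling: a PowerShell inventory that lists the AnyDesk executables on a Windows machine and shows which ones still carry a signature from the old "philandro Software GmbH" certificate mentioned in Parts 11 and 12. The search folders are assumptions; portable copies can live anywhere, so pass your own paths with -SearchRoot.

```powershell
# Added example: inventory AnyDesk binaries and report who signed them.
# Search roots are assumptions; add the folders where portable copies are kept.
param(
    [string[]]$SearchRoot = @(
        "${env:ProgramFiles(x86)}\AnyDesk",
        "$env:ProgramFiles\AnyDesk",
        "$env:USERPROFILE\Downloads",
        "$env:USERPROFILE\Desktop"
    ),
    # Signer name of the old certificate, as quoted in the thread.
    [string]$OldSigner = 'philandro Software GmbH'
)

# Collect candidate executables from every root that actually exists.
$files = $SearchRoot |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    ForEach-Object {
        Get-ChildItem -LiteralPath $_ -Filter 'AnyDesk*.exe' -File -Recurse -ErrorAction SilentlyContinue
    }

$report = foreach ($file in $files) {
    $sig     = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $cert    = $sig.SignerCertificate
    $subject = if ($cert) { $cert.Subject } else { '' }

    [pscustomobject]@{
        Path        = $file.FullName
        FileVersion = $file.VersionInfo.FileVersion
        Status      = $sig.Status      # what Windows reports: Valid, NotSigned, HashMismatch, ...
        Signer      = $subject
        Thumbprint  = if ($cert) { $cert.Thumbprint } else { '' }
        NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
        OldCert     = $subject -like "*$OldSigner*"
    }
}

# Binaries to replace or investigate: old signer, unsigned, or failed verification.
$flagged = @($report | Where-Object { $_.OldCert -or $_.Status -ne 'Valid' })
if ($flagged.Count -gt 0) {
    Write-Warning "$($flagged.Count) AnyDesk binary(ies) signed with the old certificate or failing signature checks."
}

$report | Sort-Object OldCert -Descending | Format-List
```

Run it on each system where AnyDesk was installed or used as a portable app; anything listed with OldCert set to True predates the certificate change described above.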
 

B-boy/StyLe/

Level 3
Verified
Well-known
Mar 10, 2023
144
I am wondering if this is somehow related.
I didn't use AnyDesk for a while and now when I needed it, it's gone and the folder is empty. LOL. Poltergeist? 🤣
Just like this topic here:

hXXps://www.reddit.com/r/AnyDesk/comments/1agd3ds/anydesk_folder_suddenly_become_blank/
 

rashmi

Level 5
Jan 15, 2024
211
I use TeamViewer, but it now requires signing in. Is it safe to use AnyDesk now? Can you use AnyDesk without signing in? I will use the portable version.
 
