Security News AnyDesk: Be careful in using that remote support software

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
Content source
https://borncity.com/win/2024/02/02/anddesk-be-careful-in-using/
A short warning to IT supporters who use the AnyDesk remote maintenance software for remote support. A few days ago, I reported some issues with this product (see my German blog post Störung bei AnyDesk, jemand betroffen?). AnyDesk web site has been on maintenance since January 30, 2024. Now vague information is trickling in, that there has been a cyber incident – although there is an information lock, so I can't get any details.

The information I got so far is that there is a problem with AnyDesk. A cyber incident has been occurred – but no details are available from my sources. There is a recommendation from one source (which is currently rather nebulous) to look very carefully where AnyDesk is used (never in critical infrastructure environments).

Combining numerous vague fragments of information I got from several sources – and some concrete observations from the readership – I have an idea of what might have happened. The official change log of AnyDesk client version 8.0.8, dated January 29, 2024, says "Exchanged code signing certificate. The previous certificate will be invalidated soon. Please update." I know also, that there is a confidential warning from German cyber security watch guard (BSI) – but I was not able to get the details.

As a precautionary measure, I would not use use AnyDesk anymore until the details have been clarified and to keep a very close eye on systems in which the product was used in January 2024 (and scan them for malware if necessary). I hope, I can report a few more details within the next days.
Click to expand...
borncity.com

AndDesk: Be careful in using that remote support software

[German]A short warning to IT supporters who use the AnyDesk remote maintenance software for remote support. A few days ago, I reported some issues with this product (see my German blog post Störung bei AnyDesk, jemand betroffen?). AnyDesk web site has been on maintenance since January 30, 2024...
borncity.com
 
  • Wow
  • Like
  • +Reputation
Reactions: rashmi, Balrog, Viking and 14 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
Update:
My fears have been confirmed. The days-long "maintenance" of the AnyDesk websites is the result of a cyber attack. AnyDesk's production systems have been hacked. All AnyDesk software must be considered compromised. After the German CERT (BSI) sent out a confidential warning to users of critical infrastructures, I have received finally the incident report from AnyDesk. Below I have put together all the information I now have in one article.
Click to expand...
borncity.com

AnyDesk confirmed, they have been hacked in January 2024, Production systems affected

[German]My fears have been confirmed. The days-long "maintenance" of the AnyDesk websites is the result of a cyber attack. AnyDesk's production systems have been hacked. All AnyDesk software must be considered compromised. After the German CERT (BSI) sent out a confidential warning to users of...
borncity.com
 
  • Like
  • Wow
  • +Reputation
Reactions: rashmi, Jonny Quest, Nevi and 8 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
Another update:
In my blog post AnyDesk confirmed, they have been hacked in January 2024, Production systems affected – Part 1 I compiled the information officially published by AnyDesk and a brief history. However, I've been working on this topic for a few days now and in the meantime I've received a few tidbits of information that have led to further insights, questions and speculation. Below is a compilation of these points.
Click to expand...

AnyDesk hack undercover – more information and thoughts – Part 2

[German]In my blog post AnyDesk confirmed, they have been hacked in January 2024, Production systems affected - Part 1 I compiled the information officially published by AnyDesk and a brief history. However, I've been working on this topic for a few days now and in the meantime I've received a...
borncity.com
 
  • Like
  • +Reputation
Reactions: rashmi, vtqhtr413, brambedkar59 and 5 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
Günter Born posted a lot of updates on this AnyDesk hack:
AnyDesk hack – more details (FAQ from Feb. 5, 2024) – Part 8

AnyDesk hack – more details (FAQ from Feb. 5, 2024) – Part 8

[German]The successful cyberattack on the provider of remote maintenance software, AnyDesk GmbH, has caused quite a stir. One problem for users of AnyDesk - at least in my eyes - is that the provider is very tight-lipped about the details. We don't know what happened, we don't know when...
borncity.com
 
  • +Reputation
  • Like
  • Thanks
Reactions: rashmi, ZeroDay, Dave Russo and 1 other person
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
Vasudev said:
I am using free version but few months ago I uninstalled it and use it as portable app. Didn't create an account or something. Am I still affected?
Click to expand...
That is a very good question, I have the same one.
Probably, but there is still a lot unknown about this attack, so I'm not sure...
 
  • Like
Reactions: rashmi and vtqhtr413
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
AnyDesk hack: Revoke chaos with old certificates? – Part 11
Now that it is clear that the provider of remote maintenance software, AnyDesk, was the victim of a hack of its production environment in December 2023, a certificate change for the digital signing of AnyDesk clients is pending. According to my current observations, it is heading towards a "revoke chaos" – from Feb. 14, 2024, the old certificate of "philandro Software GmbH" will be invalid. Clients new signed with this old certificate should then no longer be able to run. By the way, have you noticed that the phrase "the hack took place at the end of December 2023" has also been canceled and is now referred to as "December 2023"?
Click to expand...
borncity.com

AnyDesk hack: Revoke chaos with old certificates? – Part 11

[German]Now that it is clear that the provider of remote maintenance software, AnyDesk, was the victim of a hack of its production environment in December 2023, a certificate change for the digital signing of AnyDesk clients is pending. According to my current observations, it is heading towards...
borncity.com
 
  • +Reputation
Reactions: rashmi and vtqhtr413
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,600
AnyDesk hack: Newly signed clients available; what are your experiences? – Part 12
At the begin of February 2024, it became known that the provider of remote maintenance software, AnyDesk, was the victim of a hack of its production environment. I pointed out early on that the hack had already taken place in December 2023. As a result, a certificate change for the digital signing of AnyDesk clients is pending, an old certificate from "philandro Software GmbH" has been recalled and is now invalid. Newly signed clients should be available from February 12 or 13, 2024.
Click to expand...
borncity.com

AnyDesk hack: Newly signed clients available; what are your experiences? – Part 12

[English]At the begin of February 2024, it became known that the provider of remote maintenance software, AnyDesk, was the victim of a hack of its production environment. I pointed out early on that the hack had already taken place in December 2023. As a result, a certificate change for the...
borncity.com
 
  • +Reputation
  • Like
Reactions: rashmi, ZeroDay and vtqhtr413
B-boy/StyLe/

B-boy/StyLe/

Level 3
Verified
Well-known
Mar 10, 2023
144
I am wondering if this is somehow related.
I didn't use AnyDesk for a while and now when I needed it, it's gone and the folder is empty. LOL. Poltergeist? 🤣
Just like this topic here:

hXXps://www.reddit.com/r/AnyDesk/comments/1agd3ds/anydesk_folder_suddenly_become_blank/
 
  • Like
  • Wow
Reactions: rashmi, Vasudev and Gandalf_The_Grey
R

rashmi

Level 5
Jan 15, 2024
213
I use TeamViewer, but it now requires signing in. Is it safe to use AnyDesk now? Can you use AnyDesk without signing in? I will use the portable version.
 

Similar threads

CyberPanther
    • Like
Security News VULNERABILITIES Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks
Replies
0
Views
726
Security News
CyberPanther
CyberPanther
Gandalf_The_Grey
    • +Reputation
    • Like
    • Applause
Security News Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
Replies
3
Views
1,219
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Bot
    • Like
Security News Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks
Replies
1
Views
923
Security News
LennyFox
L

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top