Security News Legitimate Application AnyDesk Bundled with New Ransomware Variant

[LASER_oneXM]

Content source

https://blog.trendmicro.com/trendlabs-security-intelligence/legitimate-application-anydesk-bundled-with-new-ransomware-variant/

We recently discovered a new ransomware (Detected as RANSOM_BLACKHEART.THDBCAH), which drops and executes the legitimate tool known as AnyDesk alongside its malicious payload. This isn’t the first time that a malware abused a similar tool. TeamViewer, a tool with more than 200 million users, was abused as by a previous ransomware that used the victim’s connections as a distribution method.

In this instance, however, RANSOM_BLACKHEART bundles both the legitimate program and the malware together instead of using AnyDesk for propagation.

Bundling a legitimate tool with ransomware

Although the specifics of how RANSOM_BLACKHEART enters the system remains unknown, we do know that users can unknowingly download the ransomware when they visit malicious sites.

Once downloaded, RANSOM_BLACKHEART drops and executes two files:
... ...
...

As noted earlier, the first file contains AnyDesk, a powerful application capable of bidirectional remote control between different desktop operating systems, including Windows, macOS, Linux and FreeBSD, as well as unidirectional access on Android and iOS. In addition, it can perform file transfers, provide client to client chat and can also log sessions. Note that the version used by the attackers is an older version of AnyDesk, and not the current one.
... ... ...