On Wednesday, Cybersecurity researchers revealed the disruption of a malvertising network targeting the AnyDesk, which is software that allows users to “connect to a computer remotely, be it from the other end of the office or halfway around the world”, the malvertising network delivered a modified version of the installer through the use of Google ads that appeared in the search engine results pages.
The campaign, which is believed to have commenced April 21st, 2021, entails a malicious file that imitates a setup executable for AnyDesk (AnyDeskSetup.exe), which once installed, downloads a PowerShell implant to accumulate and withdraw system information.
AnyDesk’s remote desktop access solution has been downloaded by more than 300 million users worldwide, according to the company’s website. Although the cybersecurity firm did not attribute the cyber activity to a specific threat actor or nexus, it suspected it to be a “widespread campaign affecting a wide range of customers” given the large user base.
The PowerShell script may appear like a generic backdoor, however, it is the intrusion route where the attack throws a curve, signalling that it’s beyond a garden-variety data gathering operation the AnyDesk installer is distributed through malicious Google ads placed by the threat actor, which are then served to unsuspecting people who are using Google to search for ‘AnyDesk.’
The fraudulent ad result, when clicked, redirects users to a page that is a replica of the genuine AnyDesk website, in addition to providing the individual with a link to the warped installer.
Cybersecurity professionals estimate that 40% of clicks on the malicious Google ad turned into installations of the altered AnyDesk installer, and 20% of those installations included follow-on hands-on-keyboard activity. Google was notified about these findings and is said to have undertaken immediate action to take down the ad. This technique provided threat actors with the capability to spontaneously select targets of interest. Due to the nature of the Google advertising platform, it can provide an estimate of how many people will click on the ad. This allows the threat actors to sufficiently strategise and budget based on this information.
Get our latest cyber intelligence insights straight into your inbox
Fill out the short form below to subscribe to our newsletter so that you never miss out on
our cyber intelligence insights and news.
Privacy Overview
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
Strictly Necessary Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features. These must be enabled at all times, so that we can save your preferences.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
If you do not enable Strictly Necessary Cookies, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.
Request Demo Access
Fill out your details below and we'll be in touch to arrange demo access for you as soon as
possible.