A fake version of the popular remote desktop application AnyDesk, pushed via ads appearing in Google search results, served up a trojanized version of the program. The campaign even bested AnyDesk’s own ad campaign on Google, ranking higher in its paid results.

The campaign, active since April 22, is notable because the criminals behind the malicious ad managed to avoid Google’s anti-malvertising screening. As a result, researchers with CrowdStrike estimate that 40 percent of those who clicked on the ad began installing the malware. Twenty percent of those installations included “follow-on hands-on-keyboard activity” by criminals on the victim’s system, according to a report on the incident published Wednesday.

Researchers said victims who downloaded the program were conned into executing a binary called AnyDeskSetup.exe. Once executed, the malware attempted to launch a PowerShell script.

Researchers explained they first “observed a suspicious file masquerading as AnyDesk… However, this was not the legitimate AnyDesk Remote Desktop application - rather, it had been weaponized with additional capabilities.” The bogus executable file was signed by “Digital IT Consultants Plus Inc”, instead of the legitimate creators “philandro Software GmbH”.
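The signer mismatch described above is something a defender can check before an installer is run. The following is an added example, not code from the CrowdStrike report or from AnyDesk: the function name `Test-InstallerPublisher` and the download path are hypothetical, and the expected publisher string is the name given in the article, which should be confirmed against the certificate on a known-good installer.

```powershell
# Added example: fail closed unless the file's Authenticode signature is valid
# AND the signing certificate's common name is the publisher you expect.
function Test-InstallerPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $null
    if ($sig.SignerCertificate) {
        # Common name (CN) of the certificate that signed the file.
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    }

    # A signature from *some* publisher is not enough: the trojanized installer
    # in this campaign was signed, just not by the legitimate vendor.
    $trusted = ($sig.Status -eq 'Valid') -and ($signer -eq $ExpectedPublisher)

    [pscustomobject]@{
        Path              = $Path
        SHA256            = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SignatureStatus   = $sig.Status
        Signer            = $signer        # $null for unsigned files
        ExpectedPublisher = $ExpectedPublisher
        Trusted           = $trusted
    }
}

# Hypothetical usage: check a downloaded installer before running it.
$result = Test-InstallerPublisher `
    -Path "$env:USERPROFILE\Downloads\AnyDeskSetup.exe" `
    -ExpectedPublisher 'philandro Software GmbH'   # name as given in the article

if (-not $result.Trusted) {
    Write-Warning ("Do not run: signed by '{0}' (status {1}), expected '{2}'" -f
        $result.Signer, $result.SignatureStatus, $result.ExpectedPublisher)
}
$result
```

The SHA256 value in the output can be kept for later comparison with hashes published by the vendor or in incident reports.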