A single IP address (185.149.1209) suspiciously runs the hostnames.Īside from AnyDesk, many other popular software tools were also impersonated in the campaign spreading the Vidar infostealer.įrom observing the released list of hostnames, many are typo-squatted domains for popular software tools besides AnyDesk, including MSI Afterburner, Blender, Slack, Dashlane, VLC, 7-Zip, and cryptocurrency trading apps, among others. The security researcher who discovered this campaign first warned people through Twitter and shared a list of all the malicious domains that hosted the fake AnyDesk sites.
The victims of this massive campaign are redirected to a Dropbox folder that pushes the Vidar infostealer into their devices. Malicious actors have used more than 1,300 malicious domains in a recently identified campaign that impersonated the official AnyDesk website.
0 kommentar(er)
