Over 1,300 fake AnyDesk sites push Vidar info-stealing malware (Security News, January 2023)
A massive campaign using over 1,300 domains to impersonate the official AnyDesk site is underway, all redirecting to a Dropbox folder recently pushing the Vidar information-stealing malware.
Due to the tool's popularity, malware distribution campaigns often abuse the AnyDesk brand.
In October 2022, Cyble reported that the operators of Mitsu Stealer were using an AnyDesk phishing site to push their new malware.
In the newly discovered campaign, the sites were distributing a ZIP file named 'AnyDeskDownload.zip' [VirusTotal] that pretended to be an installer for the AnyDesk software.
Instead of hiding the malware payload behind redirections to evade detection and takedowns, the recent Vidar campaign used the Dropbox file hosting service, which is trusted by AV tools, to deliver the payload.
BleepingComputer has recently seen Vidar being pushed by a campaign relying on over 200 typosquatting domains that impersonated 27 software brands.
It is unclear if all of these malware campaigns are related to the fake AnyDesk sites.
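Because the payload sits on a trusted file host, reputation checks on the download domain do not help; the referrer and the archive name carry the signal. The following is an added detection sketch over web-proxy records, not code from the article or from AnyDesk; the (referrer, url) record shape, the `.example` hosts, the `PLACEHOLDER` path segments and the 0.8 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

BRAND, OFFICIAL = "anydesk", "anydesk.com"             # vendor's real domain
FILE_HOSTS = ("dropbox.com", "dropboxusercontent.com")
LURE_NAME = "anydeskdownload.zip"                      # archive name given on the page
SIMILARITY = 0.8                                       # assumed threshold, tune locally

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def _under(host, domain):
    return host == domain or host.endswith("." + domain)

def is_lookalike(host):
    """True if a label contains or closely resembles the brand outside the official domain."""
    if not host or _under(host, OFFICIAL):
        return False
    return any(BRAND in label or SequenceMatcher(None, label, BRAND).ratio() >= SIMILARITY
               for label in re.split(r"[.-]", host))

def classify(referrer, url):
    """Return the reasons a proxy-log request matches the delivery pattern."""
    dst = urlsplit(url)
    on_file_host = any(_under(_host(url), d) for d in FILE_HOSTS)
    lookalike = is_lookalike(_host(referrer))
    reasons = []
    if lookalike:
        reasons.append("referrer imitates brand outside official domain")
    if lookalike and on_file_host:
        reasons.append("brand lookalike hands off to file hosting")
    if on_file_host and dst.path.rsplit("/", 1)[-1].lower() == LURE_NAME:
        reasons.append("lure archive name on file hosting")
    return reasons

# Constructed (referrer, url) pairs; .example hosts and PLACEHOLDER ids are not real.
SAMPLE = [
    ("https://anydesk-download.example/", "https://www.dropbox.com/s/PLACEHOLDER/AnyDeskDownload.zip?dl=1"),
    ("https://anydesck.example/", "https://dl.dropboxusercontent.com/s/PLACEHOLDER/setup.zip"),
    ("", "https://www.dropbox.com/s/PLACEHOLDER/AnyDeskDownload.zip"),
    ("https://anydesk.com/en/downloads", "https://download.anydesk.com/AnyDesk.exe"),
]

if __name__ == "__main__":
    for ref, url in SAMPLE:
        print(classify(ref, url) or "clean", "<-", ref or "(no referrer)")
```

The archive-name rule still fires when the referrer is stripped, which is common for downloads opened from a new tab or a mail client.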