AnyDesk
Developer(s) | AnyDesk SoftwareGmbH | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Stable release(s)[±] | |||||||||||||||
| |||||||||||||||
Operating system | Windows,macOS,Linux,Android,iOS,FreeBSD,Raspberry Pi | ||||||||||||||
Type | Remote desktop software,Remote administration,Remote support | ||||||||||||||
License | Proprietary software | ||||||||||||||
Website | anydesk |
AnyDeskis aremote desktop applicationdistributed by AnyDesk Software GmbH. Theproprietarysoftware program provides platform-independent remote access topersonal computersand other devices running the host application.[8]It offers remote control,file transfer,andVPNfunctionality. AnyDesk is often used intechnical support scamsand other remote access scams.[9][10][11]
Company
[edit]AnyDesk Software GmbH was founded in 2014 inStuttgart,Germany and now has subsidiaries in theUS,China,andHong Kong,as well as an Innovation Hub inGeorgia.[12][13]
In May 2018, AnyDesk secured 6.5 million euros of funding in aSeries Around led byEQT Ventures.[14][15]Another round of investment in January 2020 brought AnyDesk to over twenty million dollars of combined funding.[16]
Software
[edit]AnyDesk uses the proprietaryvideo codec"DeskRT". It is designed to allow users high-quality video and sound reception, and keep the amount of data transmitted to a minimum.[14]
AnyDesk partnered withremote monitoring and managementandmobile device managementservices, such asAtera Networks[17]andMicrosoft Intune.[18]
Features
[edit]Availability of features is dependent upon the license of the individual user. Some main features include:[19]
- Remote access for multiple operating systems (Windows, Linux, macOS, iOS, Android, etc.)
- File transfer and manager
- Remote print
- VPN
- Unattended access
- Whiteboard
- Auto-discovery (automatic analysis of local network)
- Chatfunction
- RESTAPI
- Custom clients
- Session protocol
- Two-factor authentication
- Individual host server
Security
[edit]AnyDesk usesTLS1.2 with authenticated encryption. Every connection between AnyDesk clients is secured withAES-256. When a direct network connection can be established, the session isendpoint encryptedand its data is not routed through AnyDesk servers.[20]Additionally,whitelistingof incoming connections is possible.[21]
Abuses
[edit]AnyDesk is one of many tools used intechnical support scamsand other remote access scams.[9][10][11]It can be optionally installed oncomputersandsmartphoneswith full administrative permissions, if the user chooses to do so.[22]This provides the host user with full access to the guest computer over the Internet, and, like all remote desktop applications, is a severe security risk if connected to an untrusted host.
Mobile access fraud
[edit]In February 2019,Reserve Bank of Indiawarned of an emergingdigital bankingfraud, explicitly mentioning AnyDesk as the attack channel.[23]The general scam procedure is as follows: fraudsters get victims to download AnyDesk from the Google Play Store on their mobile phone, usually by mimicking the customer service of legitimate companies. Then, the scammers convince the victim to provide the nine-digit access code and to grant certain permissions.[24]After permissions are obtained and if no other security measures are in place, the scammers usually transfer money using the IndianUnified Payment Interface.[25]A similar scam took place in 2020, according to Kashmir Cyber police.[26]The same method of theft is widely used internationally on either mobile phones or computers: a phone call convinces a person to allow connection to their device, typically from a caller claiming to be a service provider to "solve problems with the computer/phone", warning that Internet service will otherwise be disconnected, or from a caller claiming to be a financial institution because "there have been suspicious withdrawal attempts from your account".
Bundling with ransomware
[edit]In May 2018, the Japanese cybersecurity firmTrend Microdiscovered that cybercriminals bundled a new ransomware variant with AnyDesk, possibly as an evasion tactic masking the true purpose of the ransomware while it performs its encryption routine.[27][28]
Technical support scams
[edit]Scammers use AnyDesk and similar remote desktop software to obtain full access to the victims' computer by impersonating a technical support person.[29][30][31]The victim is asked to download and install AnyDesk and provide the attackers with access. When access is obtained, the attackers can control the computer and move personal files and sensitive data.
In 2017, the UK basedISPTalkTalkbannedTeamViewerand similar software from all its networks after scammers cold called victims and talked them into giving access to their computer. The software was removed from the blacklist after setting up a scam warning.[32]In September 2021, theState Bank of Indiawarned customers not to install AnyDesk or similar apps.[33]In March 2022, theFederal Bureau of Investigationissued a cybersecurity advisory noting that AnyDesk software was used in the operations of the AvosLockerransomwaregang.[34]
In 2023, AnyDesk announced the establishment of an "Anti-Fraud Task Force" in partnership with a number of prominent scam baiters in an initiative to combat technical support scams and abuse of remote-access software. The task force includedJim Browning,KitbogaandScammer Payback.[35]
See also
[edit]References
[edit]- ^"Changelog for Windows".AnyDesk.Retrieved2024-09-23.
- ^"Changelog for macOS".AnyDesk.Retrieved2024-09-23.
- ^"Changelog for Linux".AnyDesk.Retrieved2024-09-23.
- ^"AnyDesk Remote Desktop".Google Play.Retrieved2024-09-23.
- ^"AnyDesk Remote Desktop".App Store.Retrieved2024-09-23.
- ^"Changelog for Raspberry Pi".AnyDesk.Retrieved2024-09-23.
- ^"Changelog for FreeBSD".AnyDesk.Retrieved2024-09-23.
- ^"Innovative and Reliable: Our Features".AnyDesk.Retrieved2020-05-25.
- ^abAussies have lost over AU$7 million to remote access scams already this year
- ^abScammers drain bank accounts using AnyDesk and SIM-swapping
- ^abSingh, Shelley."AnyDesk: Fraud is only possible if user grants access: Oldrich Müller, COO, AnyDesk".The Economic Times.Retrieved2022-05-05.
- ^"AnyDesk verspricht PC-Fernsteuerung in Echtzeit".deutsche-startups.de(in German). 16 July 2014.Retrieved2018-08-21.
- ^"AnyDesk press release about innovation hub in Georgia".AnyDesk.2022-04-07.Retrieved2022-10-12.
- ^ab"AnyDesk scores €6.5M for its remote desktop software – TechCrunch".techcrunch.com.15 May 2018.Retrieved2018-06-15.
- ^"EQT Ventures' investment in AnyDesk".eqtventures.com.Archived fromthe originalon 2018-08-22.Retrieved2018-08-22.
- ^"Global Software Innovator, AnyDesk, Launches Expansion with Leading Growth Equity Investor, Insight Partners | News & Press".Insight Partners.2020-01-22.Retrieved2020-05-25.
- ^Official website of Atera
- ^Integration Partners,AnyDesk official website
Atera and AnyDesk – Where the Hassle Ends and Simplicity Starts,AnyDesk official blog - ^"Category:Features - AnyDesk Help Center".support.anydesk.com.Archived fromthe originalon 2018-06-27.Retrieved2020-05-25.
- ^"Security - AnyDesk Help Center".support.anydesk.de.Archived fromthe originalon 2018-08-22.Retrieved2018-08-21.
- ^"Access and Session Requests - AnyDesk Help Center".AnyDesk Help Center.Archived fromthe originalon 2019-07-30.Retrieved2018-08-22.
- ^"Administrator Privileges and Elevation (UAC) - AnyDesk Help Center".support.anydesk.com.Archived fromthe originalon 2019-07-30.Retrieved2019-07-30.
- ^KVN, Rohit (2019-02-18)."RBI malware warning: Refrain from installing 'AnyDesk' mobile app or else risk losing bank balance".International Business Times, India Edition.Retrieved2019-02-19.
- ^"RBI AnyDesk Warning: This app can steal all money from your bank account, never download".Zee Business.2019-02-17.Retrieved2019-02-19.
- ^"RBI Cautions Against Fraudulent Transactions On UPI Platform".BloombergQuint.16 February 2019.Retrieved2019-02-19.
- ^"Cyber Police Kashmir unearths 'AnyDesk' online fraud".www.daijiworld.com.Retrieved2021-02-25.
- ^"Legitimate Application AnyDesk Bundled with New Ransomware Variant - TrendLabs Security Intelligence Blog".2018-05-01.Retrieved2018-08-28.
- ^"WanaCrypt Ransomware – 202 N Van Buren Rd Ste E Eden, NC 27288".www.microsupportsystems.com.Archived fromthe originalon 2019-11-01.Retrieved2018-08-28.
- ^"As social engineering activities increase buyer beware of tech support scams".Verizon Enterprise Solutions.Archived fromthe originalon 2017-12-01.Retrieved2018-08-28.
- ^"How to avoid being a tech support scam victim | thinkbroadband".www.thinkbroadband.com.Retrieved2018-08-28.
- ^"02085258899 - tech support scam (using anydesk.com, teamviewer.com and supremofree.com)".blog.dynamoo.com.Retrieved2018-08-28.
- ^"ISP customer data breach could turn into supercharged tech support scams".Naked Security.2017-03-20.Retrieved2018-08-06.
- ^"SBI customers beware! Avoid installing these 4 apps on your phone".Hindustan Times.2021-09-07.Retrieved2022-05-07.
- ^FBI (17 March 2022)."Indicators of Compromise Associated with AvosLocker Ransomeware"(PDF).FBI Internet Crime Complaint Center.Retrieved7 May2022.
- ^AnyDesk (2023-05-16)."AnyDesk Fights Back Against Fraud".AnyDesk Blog.Retrieved2023-05-31.