Opened my Windows 10 VM with IDA Pro, Process Hacker and Procmon installed in it and started exploring this installer. I searched around a little bit and found that the malware has been distributed from an unofficial domain called as yet the official domain is I downloaded the malicious installer. I was very interested since I am also a frequent user of AnyDesk. It all started when I came across a tweet saying a trojanized AnyDesk version has been circulating in the wild. I believe this is Russian malware since it is targeting everyone excluding Russia and some neighboring countries like Belarus and Kazakhstan. The malware has been hitting browsers and stealing Bitcoin crypto wallets of multiple vendors. This blog provides a detailed analysis of an AnyDesk application that has been trojanized and distributed from a ranked unofficial website.