AnyDesk Software GmbH, the German company behind the widely used (and misused) remote desktop application of the same name, has confirmed they’ve been hacked and their production systems have been compromised.
The statement was published on Friday evening and lacks technical details about the breach. The incident is not related to ransomware, they added.
What happened?
A few hours before AnyDesk’s revelation, security researcher Kevin Beaumont pointed to the possibility of AnyDesk having been hacked.
“They just had a several day authentication outage they describe as ‘planned maintenance’ (it wasn’t planned) and have now reemerged with a new client,” he noted: AnyDesk version 8.0.8, released on January 29, 2024, which has been signed with a new code signing certificate.
AnyDesk has called in cyberattack response services firm Crowdstrike to investigate and remediate the compromise, and their statement says they:
- Will be soon be revoking the previous code signing certificate for their binaries
- Have revoked all security-related certificates and systems have been remediated or replaced where necessary
- Are revoking all passwords to their web portal (my.anydesk.com) and are recommending that users change their passwords
Even though AnyDesk obviously operates under the assumption that all security-related certificates and passwords have been stolen, the company claims that “the situation is under control and it is safe to use AnyDesk” and that they have no evidence that any end-user devices have been affected.
Should AnyDesk users worry?
German security blogger Günter Born has shared a number of cases reported by his readers about suspicious AnyDesk-related happenings in the past week, but many of them seem to have been “false alarms”. One, though, pointed to the (now confirmed) AnyDesk infrastructure changes following disruptions.
In related news, Resecurity has reported during the weekend about AnyDesk customer account credentials being offered for sale on cybercriminal forums, but they are apparently unrelated to the current breach (and have been compromised through the use of information-stealing malware).
Until AnyDesk shares more details about what was compromised and how, users should: