- Watch Out For the Ruling Trends in Mobile Game App Development
- Essential Tips to Help You Create Successful Game Apps
- Fintech vs Techfin: Where Does the Future of Banking Lies?
- Vulnerability Management Process: The Crucial Way to Maintain Your Cyber Security Posture
- Why React Native Framework is the Right Choice for Hybrid App Development
- Why Do You Need Financial Software Development Service for Your Business
- Importance of Fintech Solutions in This Digital Age
- Learn Why it Important To Integrate Content Marketing & SEO
- How Mobile Apps Are Making A Difference in Real Estate Industry
- 10 Useful Tips to Create Highly Engaging Social Media Content
- Building A Website Gets Easy Without Coding
- Five Main Stages of Game Development
- Top SEO Trends You Must Follow in 2022
- Things to Learn for High-End App Development in 2022
- The Right Strategy to Make Your Mobile App Equipped with Sound Social Networking Tools
- 6 Common Mistakes in Ecommerce Website Development To Avoid
- The Year 2021 and The Challenges In Cybersecurity Industry
- Top Benefits of Having an Impactful UI/ UX Design For Your App
- Useful SEO Tips For Small Businesses Website Optimization
- Know The Different Channels Important To Build Your Online Reputation
- Structured Data: An Important Tool in SEO to Mark Strong Online Presence
- Learn the Different Strategies to Use for B2B Lead Generation in Digital Marketing
- Things to Consider Before Launching Your App in Google Play Store
- Google’s Page Experience Update Now Fully Rolled Out- Here’s What You Can Expect
- 7 Useful Tips to Ensure the Best Android App Development
- Learn Professional Web Development Tips to Build an Efficient Website
- Learn the Effective Ways to Manage Your Online Reputation
- Three Principles Every User Experience Designers Should Follow
- Top 5 Benefits of Integrating Cyber Security Services with Your Business
- Google’s New Safeguards for Minors to Create Safer Space on the Internet
- Benefits of Android Game Development You Must Not Ignore
- Google Removes Safe Browsing and Ad Experience Widgets from Page Experience Ranking Signal Criteria
- Google Changes Eligibility for Fact Check Rich Results
- Why You Need To Hire an Online Reputation Management Company for Your Business
- Complete Guide on 2d and 3d Game Development
- MITRE Engenuity releases first ATT&CK evaluations for Industrial Control Systems Security Tools
- WordPress SEO: 3 Quick and Easy Hacks for PageSpeed & Core Web Vitals
- Researchers Reveal New Trick of Hackers to Disable Macro Security Warnings in Malicious Office Files
- Top PHP Development Tools Leading Website Development Company Uses
- Cloud Security Analysis Solutions: The Next Step to Make Your Data Secure
- Learn How to Optimize Your Site for Google’s Page Experience Update
- Amid Rising Cybersecurity Threat Indian Military Personnel to Get Trained in the US on Cyber Warfare
- How the Network Change in Pandemic Steered to Must Cybersecurity
- 7 Reason You Should Get Mobile App for Your Business
- Google Rolls Out New Spam Algorithm Update: What Changes You Can Expect
- Top 10 Benefits of Unity Game Development
- VPN Attacks: A Rising Threat for Remote Work in the COVID-19 Era
- Google Releases New Framework to Prevent Software Supply Chain Attacks
- GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability
- Read Key Highlights of Google Ads API version 8.0
- Here How the Gaming Giant EA was Hacked
- Know How A Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer
- Learn How to Find the Best UI/UX Development Company
- Trends of 2021 Every Top Cyber Security Company in India Follows
- Improve your Conversion Rate with 10 Essential Elements of Good SEO
- Google Announces New Features for App Advertisers to Improve ROI
- FragAttacks: Set of New Vulnerabilities that Expose Nearly All Wi-Fi Devices to Attacks
- Latest Technologies and Trends in Mobile Game App Development
- Babuk – How a Newcomer soon becomes a Growing Ransomware Threat
- 5 Characteristics of the Best Digital Marketing Services Provider
- Here are the Tips to Choose the Best Game App Development Company
- 7 Reasons to do Search Engine Optimization for your Website
- Integrating AI with Cyber Security – Tomorrow of Cyber Security
- How Much Does HIPAA Compliance Cost?
- Best Android Game App Development Company Doesn’t Miss out Following Features
- Effective Voice Search Statistics for 2020
- Android 10: Everything You Need to Know
- How to Make Massive Money with Mobile Apps In 2020
- Drastic boost in mobile gaming during coronavirus lockdown
- Cyber security – A Tool to Address Digital World’s Major Issues; Cyber Attack
- 5 facts to keep in mind before hiring Game app development Company in India.
- Best iOS games app development
Know How A Malvertising Campaign On Google Distributed Trojanized AnyDesk Installer
Recently, a team of cybersecurity researchers from CrowdStrike has exposed a malvertising campaign that targeted AnyDesk. Malvertising has been around for a while alluring users to install the malware in their system. This time researchers flagged a “clever” malvertising campaign, delivering weaponized AnyDesk installer through targeted Google ad that displayed in the search engine results page for the keyword “anydesk.”
According to the CrowdStrike Falcon Complete team, the campaign is believed to have started off as early as April 21, 2021.
It involved a malicious file that pretences as an executable setup for AnyDesk called “AnyDeskSetup.exe”. Upon execution, it exhibits suspicious behavior that did not seem to be the legitimate AnyDesk Remote Desktop application. Being weaponized with additional capabilities the above setup downloads a PowerShell implant to infiltrate and collect information from the system.
“The initial detection kicked off an internal collaboration across CrowdStrike’s Falcon OverWatch™ threat hunting, Intelligence, and Threat Detection and Response teams to piece everything together and respond to this emerging activity across the CrowdStrike customer base,” CrowdStrike mentioned in its blog post.
During the analysis of the suspected setup file, a remote connection with the affected host was made using Falcon Real Time Response (RTR) to collect additional insights into the detection. It let the researcher capture and acquire a copy of the PowerShell script “v.ps1”, observed initially.
"The script had some obfuscation and multiple functions that resembled an implant as well as a hardcoded domain (zoomstatistic[.]com) to 'POST' reconnaissance information such as user name, hostname, operating system, IP address and the current process name. In addition to the hardcoded domain, the script also had a specific user-agent string and URI to connect to," researchers from CrowdStrike said in an analysis released in the blog.
The investigating team found logic in the PowerShell script very similar to that observed and published by Inde, where impersonated Zoom installer dropped a similar PowerShell script through an external resource.
With the script findings, initially, the research team believed the delivery mechanism to be a phishing or social engineering attempt. Later at a certain point, the attack throws a curve at the intrusion route, signaling that it is beyond an ordinary data-gathering operation. So the investigation was turned to Endpoint Activity Monitoring (EAM) to gain further context and determine the origin of the activity.
While investigating a detection apparently dropping from a Setup or Installer file, the team proceeded with the first step to understand how that installer was written to disk. After probing Falcon endpoint detection and response (EDR) data, they made it to discover the origin of the activity. The malicious Google ad placed by the threat actor distributed the suspicious AnyDesk installer, which served to unsuspicious users who searched for 'AnyDesk' on Google.
“The DnsRequests and PeFileWritten via Google Chrome confirmed our suspicion that the activity started with a user-initiated download, but when diving deeper to investigate the cause, we made a fascinating finding in the user’s web traffic: The user had been attempting to search for “AnyDesk” using Google Chrome and was served up a malicious advertisement that forced a redirect to domohop[.]com, leading to the trojanized version of AnyDesk,” reported CrowdStrike.
However, the cybersecurity firm did not name any specific threat actor or nexus for this fraudulent cyber activity. It, in fact, suspected the activity to be a "widespread campaign affecting a wide range of customers" given the large user base. According to the company's website, more than 300 million users across the world downloaded AnyDesk's remote desktop access solution.
The Falcon Complete team working on this investigation further, looked for additional compromises and a way to contain the threat. The CrowdStrike wrote, “Once the Falcon Complete team had determined the initial access vector and the extent of the compromise, and had fully remediated the first host, the next step in the scoping process was to search across our customer base and identify additional compromises. By performing a hunt using a combination of network and host-based indicators of attack, the Falcon OverWatch team was able to identify additional customers impacted by the same activity. Falcon Complete was then able to follow the same analysis and remediation process for each of our Falcon Complete customers to contain the threat.”
An estimated data from CrowdStrike indicated that 40% of clicks on the malicious ad in Google search turned into installations of the AnyDesk binary, and 20% of those installations included follow-on hands-on-keyboard activity. "While it is unknown what percentage of Google searches for AnyDesk resulted in clicks on the ad, a 40% Trojan installation rate from an ad click shows that this is an extremely successful method of gaining remote access across a wide range of potential targets," the researchers said.
After discovering trojanized AnyDesk installer, the company reportedly notified Google of its findings, which is said to have taken instantaneous action to remove the ad in question.
"This malicious use of Google Ads is an effective and clever way to get mass deployment of shells, as it provides the threat actor with the ability to freely pick and choose their target(s) of interest," said the researchers.
"Because of the nature of the Google advertising platform, it can provide a really good estimate of how many people will click on the ad. From that, the threat actor can adequately plan and budget based on this information. In addition to targeting tools like AnyDesk or other administrative tools, the threat actor can target privileged/administrative users in a unique way," CrowdStrike concluded.