AnyDesk
Developer(s) | AnyDesk Software GmbH, Germany | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Stable release(s) [±] | |||||||||||||||
| |||||||||||||||
Operating system | Windows, macOS, Linux, Android, iOS, FreeBSD, Raspberry Pi | ||||||||||||||
Type | Remote desktop software, Remote administration, Remote support | ||||||||||||||
License | Proprietary software | ||||||||||||||
Website | anydesk |
AnyDesk is a remote desktop application distributed by AnyDesk Software GmbH. The proprietary software program provides platform independent remote access to personal computers and other devices running the host application.[8] It offers remote control, file transfer, and VPN functionality. AnyDesk is often used in technical support scams and other remote access scams.[9][10][11]
Company
AnyDesk Software GmbH was founded in 2014 in Stuttgart, Germany and has gone worldwide, with subsidiaries in the US, China, and Hong Kong, as well as an Innovation Hub in Georgia (Country).[12][13]
In May 2018, AnyDesk secured 6.5 million Euros of funding in a Series A round led by EQT Ventures.[14][15] Another round of investment in January 2020 brings AnyDesk to over 20 million Dollars of combined funding.[16]
Software
AnyDesk uses a proprietary video codec "DeskRT" that is designed to allow users to experience higher-quality video and sound transmission while reducing the transmitted amount of data to the minimum.[14]
With its three megabyte total program size, AnyDesk is an especially lightweight application.[citation needed]
Features
Availability of features is dependent upon the license of the individual user. Some main features include:[17]
- Remote access for multiple operating systems (Windows, Linux, macOS, iOS, Android, etc.)
- File transfer and manager
- Remote Print
- VPN
- Unattended access
- Whiteboard
- Auto-Discovery (automatic analysis of local network)
- Chat-Function
- REST-API
- Custom-Clients
- Session protocol
- Two-Factor-Authentication
- Individual host-server
Security
AnyDesk uses TLS-1.2 with authenticated encryption. Every connection between AnyDesk-Clients is secured with AES-256. When a direct network connection can be established, the session is endpoint encrypted and its data is not routed through AnyDesk servers.[18] Additionally, whitelisting of incoming connections is possible.[19]
Abuses
AnyDesk can be optionally installed on computers and smartphones with full administrative permissions, if the user chooses to do so.[20] This provides the host user with full access to the guest computer over the Internet, and, like all remote desktop applications, is a severe security risk if connected to an untrusted host.
Mobile access fraud
In February 2019, Reserve Bank of India warned of an emerging digital banking fraud, explicitly mentioning AnyDesk as the attack channel.[21] The general scam procedure is as follows: fraudsters get victims to download AnyDesk from the Google Play Store on their mobile phone, usually by mimicking the customer service of legitimate companies. Then, the scammers convince the victim to provide the nine-digit access code and to grant certain permissions.[22] After permissions are obtained and if no other security measures are in place, the scammers usually transfer money using the Indian Unified Payment Interface.[23] A similar scam took place in 2020 according to Kashmir Cyber police.[24] The same method of theft is widely used internationally on either mobile phones or computers: a phone call convinces a person to allow connection to their device, typically from a caller claiming to be a service provider to "solve problems with the computer/phone", warning that Internet service will otherwise be disconnected, or from a caller claiming to be a financial institution because "there have been suspicious withdrawal attempts from your account".
Bundling with ransomware
In May 2018, the Japanese cybersecurity firm Trend Micro discovered that cybercriminals bundled a new ransomware variant with AnyDesk, possibly as an evasion tactic masking the true purpose of the ransomware while it performs its encryption routine.[25][26]
Technical support scams
Scammers have been known to use AnyDesk and similar remote desktop software to obtain full access to the victims' computer by impersonating a technical support person.[27][28][29] The victim is asked to download and install AnyDesk and provide the attackers with access. When access is obtained, the attackers can control the computer and move personal files and sensitive data.
In 2017, the UK based ISP TalkTalk banned TeamViewer and similar software from all its networks after scammers cold called victims and talked them into giving access to their computer. The software was removed from the blacklist after setting up a scam warning.[30] In September 2021, the State Bank of India warned customers not to install AnyDesk or similar apps.[31] In March 2022, the Federal Bureau of Investigation issued a cybersecurity advisory noting that AnyDesk software was used in the operations of the AvosLocker ransomware gang.[32]
Controversy
During the 2022 Russian invasion of Ukraine, AnyDesk refused to join the international community and withdraw from the Russian market. Research from Yale University published on August 10, 2022 identifying how companies were reacting to Russia's invasion identified AnyDesk in the worst category of "Digging in", meaning Defying Demands for Exit: companies defying demands for exit/reduction of activities.[33]
See also
References
- ^ "Changelog for Windows". AnyDesk. Retrieved 2024-09-23.
- ^ "Changelog for macOS". AnyDesk. Retrieved 2024-09-23.
- ^ "Changelog for Linux". AnyDesk. Retrieved 2024-09-23.
- ^ "AnyDesk Remote Desktop". Google Play. Retrieved 2024-09-23.
- ^ "AnyDesk Remote Desktop". App Store. Retrieved 2024-09-23.
- ^ "Changelog for Raspberry Pi". AnyDesk. Retrieved 2024-09-23.
- ^ "Changelog for FreeBSD". AnyDesk. Retrieved 2024-09-23.
- ^ "Innovative and Reliable: Our Features". AnyDesk. Retrieved 2020-05-25.
- ^ Aussies have lost over AU$7 million to remote access scams already this year
- ^ Scammers drain bank accounts using AnyDesk and SIM-swapping
- ^ Singh, Shelley. "AnyDesk: Fraud is only possible if user grants access: Oldrich Müller, COO, AnyDesk". The Economic Times. Retrieved 2022-05-05.
- ^ "AnyDesk verspricht PC-Fernsteuerung in Echtzeit". deutsche-startups.de (in German). 16 July 2014. Retrieved 2018-08-21.
- ^ "AnyDesk press release about innovation hub in Georgia". AnyDesk. 2022-04-07. Retrieved 2022-10-12.
- ^ a b "AnyDesk scores €6.5M for its remote desktop software – TechCrunch". techcrunch.com. Retrieved 2018-06-15.
- ^ "EQT Ventures' investment in AnyDesk". eqtventures.com. Retrieved 2018-08-22.
- ^ "Global Software Innovator, AnyDesk, Launches Expansion with Leading Growth Equity Investor, Insight Partners | News & Press". Insight Partners. 2020-01-22. Retrieved 2020-05-25.
- ^ "Category:Features - AnyDesk Help Center". support.anydesk.com. Retrieved 2020-05-25.
- ^ "Security - AnyDesk Help Center". support.anydesk.de. Retrieved 2018-08-21.
- ^ "Access and Session Requests - AnyDesk Help Center". AnyDesk Help Center. Retrieved 2018-08-22.
- ^ "Administrator Privileges and Elevation (UAC) - AnyDesk Help Center". support.anydesk.com. Retrieved 2019-07-30.
- ^ KVN, Rohit (2019-02-18). "RBI malware warning: Refrain from installing 'AnyDesk' mobile app or else risk losing bank balance". International Business Times, India Edition. Retrieved 2019-02-19.
- ^ "RBI AnyDesk Warning: This app can steal all money from your bank account, never download". Zee Business. 2019-02-17. Retrieved 2019-02-19.
- ^ "RBI Cautions Against Fraudulent Transactions On UPI Platform". BloombergQuint. Retrieved 2019-02-19.
- ^ "Cyber Police Kashmir unearths 'AnyDesk' online fraud". www.daijiworld.com. Retrieved 2021-02-25.
- ^ "Legitimate Application AnyDesk Bundled with New Ransomware Variant - TrendLabs Security Intelligence Blog". 2018-05-01. Retrieved 2018-08-28.
- ^ "WanaCrypt Ransomware – 202 N Van Buren Rd Ste E Eden, NC 27288". www.microsupportsystems.com. Retrieved 2018-08-28.
- ^ "As social engineering activities increase buyer beware of tech support scams". Verizon Enterprise Solutions. Archived from the original on 2017-12-01. Retrieved 2018-08-28.
- ^ "How to avoid being a tech support scam victim | thinkbroadband". www.thinkbroadband.com. Retrieved 2018-08-28.
- ^ "02085258899 - tech support scam (using anydesk.com, teamviewer.com and supremofree.com)". blog.dynamoo.com. Retrieved 2018-08-28.
- ^ "ISP customer data breach could turn into supercharged tech support scams". Naked Security. 2017-03-20. Retrieved 2018-08-06.
- ^ "SBI customers beware! Avoid installing these 4 apps on your phone". Hindustan Times. 2021-09-07. Retrieved 2022-05-07.
- ^ FBI (17 March 2022). "Indicators of Compromise Associated with AvosLocker Ransomeware" (PDF). FBI Internet Crime Complaint Center. Retrieved 7 May 2022.
{{cite web}}
: CS1 maint: url-status (link) - ^ "Almost 1,000 Companies Have Curtailed Operations in Russia—But Some Remain". Yale School of Management. Retrieved 10 August 2022.