![]() We analyzed the downloaded archive and discovered that it has a clean Anydesk setup along with a Babuk downloader, a RAT file, and a REG file. After Clicking on downloaded file installation window appears Similarly, we have found one more suspicious link for Anydesk application which is mentioned below. The first website is not related to the official Anydesk application, and After clicking on the setelog website, ads.htm redirects to a malicious website that downloads ransomware. If Anydesk is searched in Microsoft or Bing, we get the following result. ![]() When the user clicks for downloading Anydesk software, ransomware is also downloaded as it is bundled with Anydesk software in the form of a self-extracting archive (in this case, it is in no setup files). This fake website looks like the original Anydesk website. When the user tries to download the Anydesk software from an unknown suspicious link, a fake website appears, which allows you to download Anydesk software. Over time, ransomware releases new variants and improves its attack mechanisms to target new victims. Its tactics for encryption are not much different from other ransomware families. Anydesk is a remote-control tool that allows users to access remote computers and other devices running the host applications.īabuk Ransomware is recently very active. Apart from these usual attack techniques, we came across a new way of using Anydesk software fake websites to spread Babuk ransomware. Attackers trick the unsuspecting users into enabling macros, etc. We generally see that ransomware attacks are deployed through exploits, unsolicited malicious emails (malspam), or malicious Microsoft Office documents.
0 Comments
Leave a Reply. |