Employees tricked into downloading remote monitoring software

New research from Malwarebytes reveals that employees are being tricked into downloading remote monitoring and management tools like AnyDesk to open up back doors to corporate networks.

In a standard phishing technique potential victims are targeted via an email or SMS message, personalized to match their roles within the organization. The link in the email goes to what looks like a legitimate bank website with a link to open a chat support session.

But instead of soliciting information directly, clicking the link gets them to download an excutable for the RMM tool. In the example Malwarebytes cites the attackers use a legitimate -- albeit out of date -- AnyDesk executable so that it isn't detected as malicious by security products.

"Threat actors have registered phishing domains for different financial institutions, following the same style of the 'Live chat on Windows'. It’s unclear whether it is all the same group or whether several criminal gangs are operating this scam," say Malwarebytes researchers. "However, most of these domains are hosted on AS200593 which has a number of 'traditional' phishing sites."

AnyDesk was recently in the news for a security breach that allowed attackers to compromise its production systems. The vendor has since revoked its code signing certificates and is urging customers to update their software. AnyDesk has also partnered with fraud fighters such as ScammerPayback to shut down call centers.

You can read more on the Malwarebytes blog.

Photo Credit: Didecs/Shutterstock