Starting February 1st, rumors regarding a possible compromise of AnyDesk began to circulate online.
These rumors became more insistent as the contents of the January 29 Release Notes were noted.
What initially appeared to be just normal maintenance activity on Anydesk’s infrastructure was later revealed to actually be a compromise.
AnyDesk has in fact made the situation official in a communication published on February 2 on its institutional website. As specified in the communication, the compromise concerned production servers and the consequence was the need to generate new certificates with which to sign AnyDesk executables.
How to react to this compromise?
As indicated by AnyDesk, it is essential to install the latest available version of the software, signed with the new certificates.
From a detection point of view, it’s also important to check whether any compromised versions of AnyDesk may be running in your environments. To do this, you can use the Yara rule made available by Florian Roth, which has already detected a compromised version on VirusTotal.
Further information is available on Bleeping Computer.