AnyDesk is a proprietary remote desktop tool distributed by AnyDesk Software GmbH. The software program provides remote access to personal computers running the host application, which can be installed on Windows, macOS, Linux and FreeBSD. It also allows users to access said computers both from personal computers and from iOS and Android mobile devices.
Main screen of AnyDesk
|Developer(s)||AnyDesk Software GmbH, Germany|
|Stable release(s) [±]|
|Operating system||Windows, macOS, Linux, Android, iOS, FreeBSD, Raspberry Pi|
|Type||Remote desktop software, Remote administration, Remote support|
AnyDesk uses a proprietary video codec "DeskRT" that is designed to allow users to experience higher quality video and sound transmission. The company says that AnyDesk is built for collaboration unlike traditional screen sharing.
AnyDesk uses TLS/AES to encrypt connections. When a direct network connection can be established, the session is endpoint encrypted and its data is not routed through AnyDesk servers. Additionally, whitelisting of incoming connections is possible.
Mobile access fraud
In February 2019, Reserve Bank of India warned of an emerging digital banking fraud, explicitly mentioning AnyDesk as the attack-channel. The general scam procedure is as follows: fraudsters get victims to download AnyDesk from the Google Play Store on their mobile phone, usually by mimicking the customer service of legitimate companies. Then, the scammers convince the victim to provide the nine-digit access code and to grant certain permissions. After permissions are obtained and if no other security measures are in place, the scammers usually transfer money using the Unified Payment Interface.
Bundling with ransomware
In May 2018, the Japanese cybersecurity firm Trend Micro discovered that cybercriminals bundled a new ransomware variant with AnyDesk, possibly as an evasion tactic masking the true purpose of the ransomware while it performs its encryption routine.
Technical support scams
Scammers have been known to use AnyDesk and similar remote desktop software to obtain full access the victims computer by impersonating a technical support person. The victim is asked to download and install AnyDesk and provide the attackers with access. When access is obtained, the attackers can control the computer and move personal files and sensitive data.
In 2017, the UK based ISP TalkTalk banned AnyDesk and similar software from all its networks to protect its users from scammers, cold calling victims and talking them into giving access to their computer. The software was removed from the blacklist after setting up a scam warning.
- "Download AnyDesk for Windows". AnyDesk. 4 August 2019.
- "Download AnyDesk for macOS". AnyDesk. 4 August 2019.
- "Download AnyDesk for Linux". AnyDesk. 26 August 2019.
- "Download AnyDesk for FreeBSD". AnyDesk. 4 August 2019.
- "Download AnyDesk for Raspberry Pi". AnyDesk. 4 August 2019.
- "AnyDesk remote PC/Mac control". GooglePlay. Google. Retrieved 1 September 2019.
- "AnyDesk on the App Store". App Store. Apple. Retrieved 4 August 2019.
- "AnyDesk 4.2.2 Free Remote Access Software Tool Review". lifewire.com. Retrieved 2018-08-21.
- "The Fast Remote Desktop Application – AnyDesk". anydesk.com. Retrieved 2018-06-15.
- "AnyDesk verspricht PC-Fernsteuerung in Echtzeit". deutsche-startups.de (in German). Retrieved 2018-08-21.
- "AnyDesk scores €6.5M for its remote desktop software – TechCrunch". techcrunch.com. Retrieved 2018-06-15.
- "EQT Ventures' investment in AnyDesk". eqtventures.com. Retrieved 2018-08-22.
- "Security - AnyDesk Help Center". support.anydesk.de. Retrieved 2018-08-21.
- "Access and Session Requests - AnyDesk Help Center". AnyDesk Help Center. Retrieved 2018-08-22.
- "Administrator Privileges and Elevation (UAC) - AnyDesk Help Center". support.anydesk.com. Retrieved 2019-07-30.
- KVN, Rohit (2019-02-18). "RBI malware warning: Refrain from installing 'AnyDesk' mobile app or else risk losing bank balance". International Business Times, India Edition. Retrieved 2019-02-19.
- "RBI AnyDesk Warning: This app can steal all money from your bank account, never download". Zee Business. 2019-02-17. Retrieved 2019-02-19.
- "RBI Cautions Against Fraudulent Transactions On UPI Platform". BloombergQuint. Retrieved 2019-02-19.
- "Legitimate Application AnyDesk Bundled with New Ransomware Variant - TrendLabs Security Intelligence Blog". 2018-05-01. Retrieved 2018-08-28.
- "WanaCrypt Ransomware – 202 N Van Buren Rd Ste E Eden, NC 27288". www.microsupportsystems.com. Retrieved 2018-08-28.
- "As social engineering activities increase buyer beware of tech support scams". Verizon Enterprise Solutions. Retrieved 2018-08-28.
- "How to avoid being a tech support scam victim | thinkbroadband". www.thinkbroadband.com. Retrieved 2018-08-28.
- "02085258899 - tech support scam (using anydesk.com, teamviewer.com and supremofree.com)". blog.dynamoo.com. Retrieved 2018-08-28.
- "ISP customer data breach could turn into supercharged tech support scams". Naked Security. 2017-03-20. Retrieved 2018-08-06.