A bogus AnyDesk website created to look just like the authentic one is distributing a custom malware named “Mitsu Stealer”, which specializes in snatching valuable user data.
AnyDesk is a popular remote desktop application for Windows, Linux, and macOS, used by millions of users for secure remote connectivity, control, and file actions via VPN and proxies.
The fake website is most likely promoted via malspam, SMS, or posts on social networks, but it doesn’t appear to involve malvertising at the moment.
As a report by Cyble Research and Intelligence Labs details, the campaign is of unknown origin and uncertain scale, but its creators appear diligent, with attention to detail and interest in establishing a distinct malware brand.
The fake AnyDesk website is a clone of the original, even featuring subscription tier pricing details and a space where new job openings are posted. This is to create a false sense of legitimacy and trick the visitor into believing they landed on the real site.
The fake AnyDesk website offering copies of the Mitsu malware
Clicking on the “Download Now” button delivers a file named “Anydesk.exe”, supposedly an installer for the popular remote desktop app, but in reality, it’s a copy of the Mitsu Stealer.
By running the downloaded executable on their systems, unsuspecting victims infect themselves with a powerful information stealer.
Mitsu is a custom-made 64-bit malware that Cyble found is based on freely available code on GitHub. However, its author has given