New Data Extortion Group Mad Liberator Targets AnyDesk Users

20 Aug 2024

A new data extortion group, identified as Mad Liberator, has emerged as a significant threat to AnyDesk users, employing a deceptive tactic that involves a counterfeit Microsoft Windows update screen to facilitate data exfiltration from compromised devices. This operation, which surfaced in July, has drawn the attention of cybersecurity experts, particularly due to its unique approach to distraction during the data theft process.

Targeting AnyDesk Users

According to a report by cybersecurity firm Sophos, the modus operandi of a Mad Liberator attack begins with an unsolicited connection request to a computer utilizing the AnyDesk remote access application, a tool widely favored by IT teams for managing corporate environments. While the exact method of target selection remains unclear, one hypothesis suggests that the group may be systematically trying various AnyDesk connection IDs until a connection is accepted.

Once a connection is established, the attackers deploy a binary file disguised as a Microsoft Windows Update, which presents a phony Windows Update splash screen to the user. This clever ruse serves a singular purpose: to divert the victim’s attention while the attackers leverage AnyDesk’s File Transfer tool to siphon data from OneDrive accounts, network shares, and local storage.

During this simulated update process, the victim’s keyboard is rendered inactive, effectively preventing any interruption of the data exfiltration. Observations from Sophos indicate that these attacks typically span around four hours, during which Mad Liberator refrains from encrypting any data post-exfiltration. Nevertheless, the group ensures that ransom notes are dropped in shared network directories, maximizing visibility within corporate settings.

Interestingly, Sophos has reported that there is no evidence of prior interaction between Mad Liberator and their targets before the AnyDesk connection request, nor have any phishing attempts been recorded to support the attack methodology. The extortion tactics employed by Mad Liberator are particularly striking; the group claims on their darknet site that they first reach out to compromised companies, offering to assist in rectifying security vulnerabilities and recovering encrypted files, contingent upon meeting their financial demands.

If a victimized organization fails to respond within 24 hours, its name is published on the extortion portal, granting it a seven-day window to engage with the threat actors. Should five additional days pass without a ransom payment, all stolen files are made public on the Mad Liberator website, which currently lists nine victims.

How to download AnyDesk on an Apple computer?

To download AnyDesk on an Apple computer, follow these steps:

1. Open your web browser and go to the AnyDesk website (anydesk.com).
2. Click on the 'Download' button.
3. Choose 'macOS' from the list of available platforms.
4. Once the download is complete, locate the downloaded file in your 'Downloads' folder.
5. Double-click the downloaded file to open it, then drag the AnyDesk icon into your 'Applications' folder.
6. Open AnyDesk from the 'Applications' folder to start using it.

Does Apple support using AnyDesk?

Yes, Apple supports the use of AnyDesk. AnyDesk is compatible with macOS, allowing users to establish remote connections to and from Apple computers. It adheres to Apple's security and software guidelines, ensuring that users can safely utilize the remote desktop capabilities of AnyDesk on their Apple devices.
Update: 20 Aug 2024