“AnyDesk hacked”
“In a statement shared with BleepingComputer late Friday afternoon, AnyDesk says they first learned of the attack after detecting indications of an incident on their production servers.
After conducting a security audit, they determined their systems were compromised and activated a response plan with the help of cybersecurity firm CrowdStrike.
AnyDesk did not share details on whether data was stolen during the attack. However, BleepingComputer has learned that the threat actors stole source code and code signing certificates.
The company also confirmed ransomware was not involved but didn't share too much information about the attack other than saying their servers were breached, with the advisory mainly focusing on how they responded to the incident.”
https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/
I do not manage many PC systems these days, mostly complete networks, but where I do a quick scan and powershell removal script has been run as a precaution, removing AnyDesk completely for the time being.
# Define the default installation path for AnyDesk
$anyDeskPath = "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"
# Check if AnyDesk executable exists
if (Test-Path $anyDeskPath) {
Write-Host "AnyDesk found. Attempting silent removal..."
# Define the silent removal command
$silentRemoveCommand = "$anyDeskPath --silent --remove"
try {
# Execute the silent removal command
Start-Process -FilePath $anyDeskPath -ArgumentList "--silent", "--remove" -Wait -NoNewWindow
Write-Host "AnyDesk has been uninstalled silently."
} catch {
Write-Error "An error occurred during the silent removal: $_"
}
} else {
Write-Host "AnyDesk is not installed or not found at $anyDeskPath."
}