How To Reverse Connection On Anydesk

General Information

Attackers typically install malware through a range of methods: phishing emails with a malicious attachment, malvertising, exploits, and disguising the malware as legitimate software and uploading it to download sites. The malware installed this way includes information stealers that exfiltrate data from the infected system, ransomware that encrypts files to demand payment, and DDoS bots used to launch DDoS attacks. Backdoors and RATs (remote access trojans) are another important class. A backdoor installs itself on the infected system and receives commands from the attacker, who uses it to take control of the machine. Such backdoors are not limited to individual hosts: through lateral movement they can be used to take over a whole network, and from there to steal internal corporate information or to encrypt the internal systems under the attacker's control.

Wait, do you share a clipboard?

When we looked at rdesktop and FreeRDP we found several vulnerabilities in the clipboard-sharing channel (each logical data layer in RDP is called a channel). At the time we did not pay much attention to it, because those clients only shared two formats: plain text and Unicode text. This time it seems that Microsoft's implementation supports several more shared data formats, since the table of formats we saw was much larger than before.

Tracing the Scammers’ Connection

A quick intermezzo: without using any RAT tools at all, Jim Browning can trace the connection back using tools known as packet sniffers or network monitoring tools.

There are many of these, and one of the most popular is Wireshark. For example, when I test VPN tools I use Wireshark to check whether they are in fact encrypting the traffic. The same tools will also reveal the IP address of anyone who connects to your computer, such as a scammer using remote-access software.
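As an added example (the editor's, not code from the page or from Jim Browning), the same identification can be done without a packet capture, from the host's own connection table: `tasklist` gives the AnyDesk process ID and `netstat -ano` gives the remote addresses that process is talking to. The process name AnyDesk.exe, the port numbers (TCP 7070 for direct AnyDesk sessions, 80/443 towards AnyDesk relay servers) and the command-output layout are assumptions of this example, and the sample output it parses is constructed, not real data.

```python
"""Added example (not from the page): find the remote peer of an AnyDesk
session from the host's own connection table instead of a Wireshark capture.

Assumptions (editor's, not stated on the page):
  * the process is AnyDesk.exe and the Windows `tasklist` / `netstat -ano`
    output formats are as in the constructed samples below;
  * TCP 7070 is AnyDesk's direct-connection listener, and sessions to 80/443
    go to AnyDesk relay servers, whose address is NOT the other party's.
"""
from ipaddress import ip_address

# Constructed `tasklist` output (not real data).
SAMPLE_TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
explorer.exe                  2500 Console                    1     91,004 K
AnyDesk.exe                   4321 Console                    1     45,212 K
chrome.exe                    8800 Console                    1    312,880 K
"""

# Constructed `netstat -ano` output (not real data): one direct AnyDesk
# session, one relayed AnyDesk session, browser traffic and a loopback pair.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:7070           0.0.0.0:0              LISTENING       4321
  TCP    192.168.1.20:7070      203.0.113.45:51822     ESTABLISHED     4321
  TCP    192.168.1.20:52011     198.51.100.7:443       ESTABLISHED     4321
  TCP    192.168.1.20:52020     142.250.74.78:443      ESTABLISHED     8800
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     1200
  UDP    0.0.0.0:5353           *:*                                    1100
"""

ANYDESK_DIRECT_PORT = 7070   # assumption: AnyDesk direct-connection port
RELAY_PORTS = {80, 443}      # assumption: ports used towards AnyDesk relays


def find_pid(tasklist_text, image_name):
    """Return the PID of the first process whose image name matches, else None."""
    for line in tasklist_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].lower() == image_name.lower():
            return int(parts[1])
    return None


def split_endpoint(endpoint):
    """'203.0.113.45:51822' -> ('203.0.113.45', 51822);
    '[::]:7070' -> ('::', 7070); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse `netstat -ano` lines into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
        else:                       # UDP rows carry no state column
            state, pid = "", int(parts[3])
        rows.append({"proto": proto, "local": split_endpoint(local),
                     "foreign": split_endpoint(foreign),
                     "state": state, "pid": pid})
    return rows


def anydesk_peers(rows, anydesk_pid):
    """Established TCP peers of the AnyDesk process as (ip, port, kind).

    kind == 'direct': the peer connected to our 7070 listener, so its address
    is the other end of the session.
    kind == 'relay' : we connected out to 80/443, so the address belongs to an
    AnyDesk relay server, not to the person on the other side.
    """
    peers = []
    for row in rows:
        if (row["proto"] != "TCP" or row["state"] != "ESTABLISHED"
                or row["pid"] != anydesk_pid):
            continue
        host, port = row["foreign"]
        if ip_address(host).is_loopback:
            continue
        if row["local"][1] == ANYDESK_DIRECT_PORT:
            kind = "direct"
        elif port in RELAY_PORTS:
            kind = "relay"
        else:
            kind = "other"
        peers.append((host, port, kind))
    return peers


if __name__ == "__main__":
    pid = find_pid(SAMPLE_TASKLIST, "AnyDesk.exe")
    for ip, port, kind in anydesk_peers(parse_netstat(SAMPLE_NETSTAT), pid):
        print(f"{kind:6s} {ip}:{port}")
```

The direct/relay distinction is the caveat that matters in practice: when the session is relayed, the address you see is the relay server's, not the scammer's, and only a direct session on the listener port shows the other party's own address. On a live Windows host the inputs would be the real output of `tasklist` and `netstat -ano` taken while the remote session is active.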

Transcript:

Can you give me a little background on what tech support scams are?

Most people will recognize a tech support scam by cold calling. They usually call you on the phone and claim they are your Internet Service Provider, Amazon, or have some excuse for you to basically turn on your computer and make it do things. The way you recognize one of these is that there’s a computer involved somewhere.
