Threat Alert: The Anydesk Breach Aftermath
ID: 1dd6829a-120a-50f6-a7aa-33dded8e649d
STIX ID: report--1dd6829a-120a-50f6-a7aa-33dded8e649d
Feed Name: Cybereason Blog
Cybereason reports that AnyDesk experienced a production system compromise resulting in the theft of proprietary source code and a private code-signing certificate; attackers have used the stolen certificate to sign malware (including Agent Tesla samples) which may be distributed as apparently legitimate AnyDesk binaries. The alert documents observed signed malicious samples, recommends updating AnyDesk to the patched version, rotating AnyDesk portal credentials, and hunting for and remediating signed malicious binaries in customer environments.
