All posts

Framed for AnyDesk, or how criminals launder money using remote access

Framed for AnyDesk, or how criminals launder money using remote access

Written by


Published on

Today’s technological solutions allow to connect to your PC, tablet and mobile phone even if you do not have physical access to them. These functionalities have become extremely popular during the pandemic and in times of remote work improving and making life easier for all users around the world. Unfortunately, they have also become a tool in the hands of crooks who use them for purposes that violate the law: thefts and money laundering.

This article explains what remote access apps are for, how the scammers use them, what is the impact of such frauds and how to protect oneself against them. We will also present real-life examples and statistics related to this issue. Our aim is to provide you with knowledge and information that will enable you to safely use the Internet and cryptocurrencies while avoiding unpleasant situations.

What are AnyDesk and TeamViever apps for and what keyloggers do?

AnyDesk, TeamViewer and Splashtop are three most popular tools using remote desktop. The role of remote access applications is growing at an impressive pace on the business tools and IT market, which has been directly influenced by the Covid-19 pandemic forcing many companies to send their employees home and transition to the remote work mode. In the year of the pandemic the app [AnyDesk?] passed 300 million downloads milestone, only 12 months after it reached 100 million downloads. 

AnyDesk, using remote desktop connection, helps specialists [employees?] maintain productivity while performing their duties at home. If you experience a technical issue and call IT department or customer service, the specialists will install an application granting them remote access to your device and will fix the problem. In that sense it is an effective and reliable tool.

TeamViewer and Splashtop work on a similar principle. These tools enable remote connection to your company PC, home computer or to your friends and family’s devices to share information or provide technical help.

Keylogger is, in turn, a type of software recording keystrokes as a computer user types. It monitors user’s activities and can be used in the context of parental control (what a child is doing on the PC) or for time tracking purposes at work.

Although these tools have a number of positive recommendations, they are unfortunately more and more often used by cyber crooks to phish for sensitive data: bank account or credit card numbers, login credentials or private keys in cryptocurrency wallets.

The above is confirmed by the data gathered by both Polish and foreign institutions.

230% more remote access scams in 2022

Total losses reported to the American FBI in relation to remote access scams in 2022 amounted to 806 million dollars, that is over 3 billion zlotys. That means an increase by more than 230% and nearly half a billion dollars compared to the previous year.

At the same time, that was the third largest single factor contributing to losses on Internet crime, just after investment frauds and business email extortion scams. Such scams are highly effective since they enable the attacker to use their victim’s device and cloak behind a trusted hardware and IP address.

The FBI report also shows that it is elderly people who are most often victims of the scammers. The most funds has been lost in the group of the deceived over 60 years of age. In 2022, all of the online scams cost Americans over 10 billion dollars of which 30% concerned the oldest members of society.

”The Annual Report on the Activities of CERT Polska 2022” presenting ”the security landscape of the Polish Internet” seems to confirm this data. CERT, i.e. Computer Emergency Response Team, monitors the number of incidents reported in the Polish network each year. It was 322 479 notifications in 2022, which represents an increase by 34% compared to the previous year.

The most commonly reported type of attack was phishing, i.e. impersonating a well-known company to obtain certain information. In the second place was the use of malicious software: CERT registered 15 433 notifications. The use of keyloggers and remote access software for fraudulent purposes also fall into this category.

How do the crooks that use these applications work? Life examples

Scammers are very effective in playing with consumers’ trust to achieve their aims. The are certainly patient in sending countless text messages and emails and making lots of phone calls hoping to establish dialogue with a potential victim. They are also present on Internet forums and social media. Most often their offers refer to quick money: the investment in shares, currencies or lately popular cryptocurrencies.

The victim is contacted by someone claiming they are from an investment company, bank, cryptocurrency exchange or another trustworthy business entity. To speed up and facilitate the process they ask to install applications of AnyDesk or TeamViewer kind to support with the registration and making the investment. Once you install the application the scammer gains remote access to your PC and from now on can see and control everything you do. They can also install the keylogger to obtain your passwords and login details for various services (bank, cryptocurrency wallet etc.).

According to Polish media reports such frauds occur almost all the time. In July 2023 Białystok Online portal stated that a 49-year-old man was promised an easy profit and lost 45 thousand Polish zlotys. The man found a cryptocurrency investment advertisement on one of the social media platforms, was encouraged to install AnyDesk and then the fraudsters gained access to sensitive information and emptied his investment account.

A month earlier Cybersecurity Institute described the case of a 72-year-old woman from Rzeszów who within six months was robbed of 200 thousand zlotys for investments. The woman was manipulated into installing AnyDesk and the scammers were creating accounts in her name and from her computer, also on the cryptocurrency exchange, using the scan of her ID card sent earlier.

The British Times described an incident involving another woman over 70 years of age who had half a million in Polish currency stolen by crypto scammers. In her case, AnyDesk was installed on her mobile phone, not PC. That was however enough for the fraudsters to gain access to the woman’s money stored in the mobile crypto wallets.

Another tangible example of scammers’ practices we have also presented here. Thanks to our efficient and highly-qualified specialists the theft of the funds from an elderly man’s account was halted. In this case, too, the criminals gained access to the unaware victim’s PC and his accounts using AnyDesk. Manipulating, they convinced the man that the application was installed only for his benefit, to support him in opening the account and buying digital assets.

How to avoid remote access scams?

To protect yourself from falling victim to remote access scams use caution and common sense. Below we have collected a few tips to remember and follow to remain secure.

  • Do not install any applications of AnyDesk or TeamViewer kind on your PC or smartphone without its source and purpose being verified beforehand.
  • Never give out codes or passwords enabling remote connection to your device.
  • Do not blindly trust uninvited people contacting you to help, advise or invest in cryptocurrencies or stocks.
  • Do not click suspicious links, attachments or ads; they may contain malware or redirect you to fraudulent websites.
  • Never provide your personal, bank or cryptocurrency data without prior verification of the identity and credibility of your interlocutor.
  • Do not get intimidated and frightened by people demanding you to pay or disclose data under threat of losing an account, cryptocurrencies or identity.
  • Regularly monitor your bank accounts, crypto exchanges and digital wallets and report any irregularity or suspicious transaction.
  • Use legal and trustworthy investment platforms, brokers and cryptocurrency exchanges and secure your accounts with 2-step verification and strong passwords.

This article aimed to characterise the way scammers tarnish the image of useful tools such as AnyDesk and to suggest how you can identify dishonest people and fight them. If you want to explore the subject and learn more about how to stay safe go to the Nie Pie(p)rz! campaign website. It will provide you with information about how to avoid falling victim of money laundering on the cryptocurrency market and consequently losing your savings.

Stay safe when using AnyDesk and cryptocurrencies

Even though cybercriminals utilise tools such as AnyDesk in scams we should not be discouraged to use handy applications of this kind. AnyDesk is an invaluable solution facilitating remote work and technical support as long as we use it responsibly.

Similarly cryptocurrencies, despite potential risk, can be a fascinating and dynamic investment sector. They are a major technological breakthrough enabling instant transactions worldwide and over the last decade they proved to be an interesting alternative in building up own fixed assets.

The key to the safe use of these tools is education and awareness. We need to remember we are the last and the most important link in the security chain. Let us learn, be vigilant and use technologies in a safe and responsible manner. Knowledge is our greatest defence!