AnyDesk FAQ

What happened?

AnyDesk has experienced a cyber incident. Following indications in mid-January of an incident in some of our systems, we conducted a security audit and found evidence of compromised production systems. Our forensic investigation has revealed that the incident started in December 2023.

This was not ransomware. This incident does not involve extortion, the sale of personal information or personal data, phishing or spam.

We immediately activated a remediation and response plan involving cyber security experts CrowdStrike. The remediation plan has concluded successfully and we have been working closely with the German Federal Office for Information Security (BSI). The situation is under control and it is safe to use AnyDesk.

Our focus has been to inform all our customers as quickly as possible through a public statement. Transparency, company integrity and trust in our products is of paramount importance to us.

What is all of this about?

Certificates. Every operating system executable file comes with a digital certificate. It helps verify the authenticity and integrity of the software by confirming that it has not been tampered with or altered since it was signed. This enhances security and builds trust among users who download and install the software, as they can be confident that it comes from a trusted source and has not been modified by malicious actors. We have no indication that compromised versions of our software have been or are being distributed.

To be clear: All AnyDesk versions obtained from official sources are safe to use.

Nevertheless, we have already released new versions with our new certificates. As soon as all new versions with our new certificates are released for all operating systems, we will revoke our old certificates. To keep using AnyDesk, you need to install the new version with our new certificates.

We recommend that you do not download software or updates from unsecured third-party websites and ask you to update to the version with our new certificates as soon as available.

Is it safe to use AnyDesk?

Yes. All AnyDesk versions obtained from our official sources are safe to use.

Nevertheless, we have already released new versions with our new certificates. As soon as all new versions with our new certificates are released for all operating systems, we will revoke our old certificates. To keep using AnyDesk, you need to install the new version with our new certificates.

Why does any of this matter to me?

As with any software, tech updates are necessary. We are communicating as widely as possible to ensure that you do undertake this important update. Thank you for your continued support of AnyDesk.

Do I need to download new software updates?

Yes. Even though all AnyDesk versions obtained from our official sources are safe to use, we have already released new versions with our new certificates. As soon as all new versions with our new certificates are released for all operating systems, we will revoke our old certificates. To keep using AnyDesk, you need to install the new version with our new certificates.

How can I ensure I am using the latest version?

You can check the "About AnyDesk" dialogue box in your client to see which version you are using.

We have prepared the Help Center article "How do I make sure I use AnyDesk with the new certificate" with instructions on how to update.

The newest versions are:

- AnyDesk for Windows (main channel): The latest version is 8.0.8 and comes with our new certificates. We have rolled out an automatic update to this version. You can also download the latest version from our website.

- AnyDesk for Windows (stable channel): The latest version is 7.0.15 and comes with our new certificates. We have rolled out an automatic update to this version.

- AnyDesk for macOS: The latest version is 8.0.0 and comes with our new certificates. Please note that the new certificates remain to be signed by philandro Software GmbH.

- AnyDesk Custom Clients (Windows): The latest version is 7.0.15 and comes with our new certificates. However, we have updated all versions available in the Custom Client Generator with our new certificate to ensure that you can continue to use the version you have been using. Please download and deploy this version to your devices.

- AnyDesk Custom Clients (macOS): The latest version is 8.0.0 and comes with our new certificates. However, we have updated all versions available in the Custom Client Generator with our new certificate to ensure that you can continue to use the version you have been using. Please download and deploy this version to your devices. Also, please note that the new certificates remain to be signed by philandro Software GmbH.

- AnyDesk for iOS: The latest version is 7.1.1 and comes with our new certificate.

- AnyDesk On-Premises: The current version is Windows 7.0.15 and macOS 8.0.0 and come with our new certificates. As with Custom Clients for Windows and macOS, we have updated all versions available in the Custom Client Generator with our new certificates to ensure that you can continue to use the version you have been using. Please download and deploy this version to your devices. The appliance server does not need to be updated.

- AnyDesk for other operating systems: We will be releasing a new version with our new certificates shortly. Since all AnyDesk versions obtained from our official sources are safe to use, and the certification process for this operating system is different from Windows anyway, please update once available.

Please note that all versions obtained from our official sources are safe to use despite the certificate change.

How do I verify a source? How do I verify the certificate of an executable file?

You can find further information on how to ensure you are using the new certificate in our Help Center article "How do I make sure I use AnyDesk with the new certificate".

Are my credentials affected?

We do not believe that this is the case. However, unfortunately we cannot rule out the theoretical possibility for a short period of time. Consequently, as a precautionary measure, we have forced a password reset for all customers.

To explain this, we need to briefly describe our systems: they are designed not to store private keys, security tokens or passwords that could be exploited to connect to end-user devices. When you enter your credentials in the AnyDesk client, they are transmitted to our servers via a relay server. The minimum standard to secure your credentials during this transport is TLS/SSL encryption. In addition, the client only connects to the server of our customer portal "my.anydesk.com II".

Only two of these relay servers in Europe were affected by the incident. This means that connections to the customer portal "my.anydesk.com I" are explicitly not involved. If your credentials were already saved in the client, i.e. you did not enter it manually, you were also not affected. Affected customers were limited to users based in continental Europe, with the exception of Spain and Portugal who were not affected.

Our assessment concluded that there was only a theoretical risk of credentials being compromised. Even to read credentials from these extremely limited connections, the attackers would have had to rewrite the very extensive code of our software in the very short time available, trick users into using a fake version of our software and then have them enter their password.

Have my credentials been leaked on the Darknet due to the incident?

No. We have become aware that credentials for AnyDesk customer accounts are circulating on the Darknet. These credentials were not exfiltrated from AnyDesk systems and are not related to the incident. Rather, they appear to be old information obtained from end-user devices infected with malware e.g. information stealers. As a precautionary measure to ensure old credentials cannot be used to log into AnyDesk accounts, we have enforced password resets for all customers. We recommend that affected users change their credentials for other services if they are used elsewhere and check their device for malware, as is good practice.

Can sessions be hijacked?

No. We have considered session hijacking in connection to the incident extremely unlikely from the very beginning. We could also rule it out with certainty very quickly. To perform session hijacking, the threat actor would have required a deep understanding of the source code and would also have had to modify it. This would not have been possible in the time available to them. We have also done a review of our code and see no malicious modifications. In addition, we have audited and remediated all of our servers.

Can compromised versions of your AnyDesk software be spread with your certificate?

We have no indication that compromised versions of our software have been or are being distributed. Even though all AnyDesk versions obtained from our official sources are safe to use, we have already released new versions with our new certificates. As soon as all new versions with our new certificates are released for all operating systems, we will revoke our old certificates. To keep using AnyDesk, you need to install the new version with our new certificates.

Is malware being spread via AnyDesk?

No. We have performed a review of our code and see no malicious modifications. We also have no evidence of malicious code being distributed to customers through any AnyDesk systems.