Saturday, February 25, 2017
Home / Security / Information / TeamViewer possibly hacked, customer accounts accessed

TeamViewer possibly hacked, customer accounts accessed

TeamViewer is a remote desktop program that enables users to share screens and allows remote connection from around the globe. Today, many customers are taking to Reddit and Twitter claiming their computers were hacked via the software.

TeamViewer-hacked

TeamViewer’s website remains offline, and the only information we have so far was tweeted from their account this morning.

“I was using a strong password that was unique to TeamViewer and they still got in and cleaned out my bank account. They logged in and used ChromePass to see my passwords stored in Chrome.” says a Reddit user.

Another Reddit user claims his Paypal delivery address was changed.

Update: TeamViewer states that their servers are up and running again, but it may take some time for all regions to be restored.

TeamViewer is claiming their not at fault, it is possible this may be the cause of malware. Recently, a new malware strain has been infecting machines allows the attacker to gain unauthorized access. The malware is being called BackDoor.TeamViewer.49 and was discovered by Dr. Web and Yandex a couple weeks ago.

This malware  is being distributed via a fake Flash Player update that acts as a dropper. The fake Flash Player also displays a legitimate installation windows identical to the actual plugin. After install, the Trojan drops the BackDoor.TeamViewer.49 and the needed configuration files onto the compromised system.

TeamViewer has just published a statement on the issue, and the malware may be the culprit in these TeamViewer compromises.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …

  • Chandler

    Uninstalling this right now