TeamViewer is a remote desktop program that enables users to share screens and allows remote connection from around the globe. Today, many customers are taking to Reddit and Twitter claiming their computers were hacked via the software.
TeamViewer’s website remains offline, and the only information we have so far was tweeted from their account this morning.
We are currently experiencing issues in parts of our network. We apologize for any inconveniences caused.
— TeamViewer (@TeamViewer) June 1, 2016
“I was using a strong password that was unique to TeamViewer and they still got in and cleaned out my bank account. They logged in and used ChromePass to see my passwords stored in Chrome.” says a Reddit user.
Another Reddit user claims his Paypal delivery address was changed.
Update: TeamViewer states that their servers are up and running again, but it may take some time for all regions to be restored.
We are back up and running again. However it may take some time until all regions are back to regular service.
— TeamViewer Support (@TeamViewer_help) June 1, 2016
TeamViewer is claiming their not at fault, it is possible this may be the cause of malware. Recently, a new malware strain has been infecting machines allows the attacker to gain unauthorized access. The malware is being called BackDoor.TeamViewer.49 and was discovered by Dr. Web and Yandex a couple weeks ago.
This malware is being distributed via a fake Flash Player update that acts as a dropper. The fake Flash Player also displays a legitimate installation windows identical to the actual plugin. After install, the Trojan drops the BackDoor.TeamViewer.49 and the needed configuration files onto the compromised system.
TeamViewer has just published a statement on the issue, and the malware may be the culprit in these TeamViewer compromises.