Teamviewer has been hacked--users please take precaution

[Chary]

It looks like there's been a security breach for popular remote control program Teamviewer. Reddit users on r/teamviewer have been reporting that their paypal information and passwords were stolen during random remote connections from hackers. If you use the program, be sure to check C:\Program Files\TeamViewer\Connections_incoming.txt to see who's been accessing your computer. I'd recommend that you uninstall Teamviewer at this time, just to ensure nothing bad happens.

Subreddit and discussion

 

[Frederica Bernkastel]

Well, shit. Cheers for the heads up, this happens to be one of the only pieces of software I have installed on literally everything - this is goig to make for a "fun" evening!

 

[daxtsu]

Thanks for the heads up, I started spreading the word.

Looks like The Register wrote about it as well:

http://www.theregister.co.uk/2016/06/01/teamviewer_mass_breach_report/

Edit: Oops, I didn't mean to double post.

 

[FAST6191]

Hmm, I saw it had troubles connecting/generating numbers earlier today.

Trying to think how many machines it might be installed on. An awful lot given it is a standard option I pick in ninite. Not sure what I want to do here, much less at 3am in my own time zone (it will be on machines in several more that I am variously responsible for).

Tomorrow may be a busy day.

 

[VinsCool]

And this is why I don't use remote access softwares.

 

[FAST6191]

It is possible to use such things somewhat safely, though I must confess I don't think I sandboxed any installs of this unless you count having them inside VMs for some things. Also after you have tried talking your elderly relatives through whatever operation they are trying to do this week over the phone (probably trivial for you, hard as you like trying to translate it and worse if things are not in alphabetical order because someone clicked and dragged or something) then you will begin to appreciate the sentiment behind the great album title "give me convenience or give me death".

Reading around though it seems it might be people that have accounts rather than just numbers, not sure about simple unattended access. If it is just accounts then that makes my life easier -- I usually do not do any accounts so people have to phone me and tell me numbers as it gives them a false peace of mind (more than once I heard it is scary seeing the mouse move and files being opened or similar, yet my command line or SSH fun does not even register).

Teamviewer PR also seem to be handling it very badly so there is at least the breakdown of what they have done there to look forward to.

 

[Joom]

Aw fuck. This is why decentralized RATs are better. Albeit often used maliciously, I tend to use things like DarkComet and NetWire over TeamViewer (with user consent of course). And yes, TeamViewer is a RAT. It's just a commercial, benign one.

 

[driverdis]

And this is why I don't use remote access softwares.

This^
I am usually at home anyway so Windows RDP or TightVNC are my goto apps for local remote access. I do not allow any sort of internet remote access softwares on my computers.

 

[Deleted User]

Oh fun, time to remove :/

 

[Luglige]

Oh no.

 

[cearp]

Aw fuck. This is why decentralized RATs are better. Albeit often used maliciously, I tend to use things like DarkComet and NetWire over TeamViewer (with user consent of course). And yes, TeamViewer is a RAT. It's just a commercial, benign one.

ok yeah... but 'rat' is negative, without permission.
teamviewer is with permission... so i wouldn't call it a 'rat'. (although sure, 'remote assisted tool' is correct)

 

[Luglige]

ok yeah... but 'rat' is negative, without permission.
teamviewer is with permission... so i wouldn't call it a 'rat'. (although sure, 'remote administration tool' is correct)

 

[cearp]

oops! thanks

 

[Luglige]

oops! thanks

It's ok i'm kinda wrong to. It can be called a "Remote Access Tool" but I like administration because it sounds more legal for all the wrong doers.

 

[Joom]

ok yeah... but 'rat' is negative, without permission.
teamviewer is with permission... so i wouldn't call it a 'rat'. (although sure, 'remote assisted tool' is correct)

TeamViewer is a RAT in every sense of the definition. There are malicious VNC servers as well, but hey. Those intended for malicious purposes can still be used for legitimate purposes. They tend to work better than TV as well. Besides, I don't really care what my grandmother's passwords and keystrokes are.

 

[_v3]

Even users with 2FA got hacked, and yet the TV team negates that any breach occurred.

 

[Yoshimashin]

This probably explains how both my Amazon and Ebay randomly purchased multiple $100 giftcards.

As a precaution I removed this software, cleared my Chrome password log and unrooted my phone. Good to know I found the probable cause.


Edit

Yup.




Goddammit.

 

[Pedeadstrian]

Didn't Teamviewer get hacked weeks if not months ago? I remember reading about it. Kinda late for a precautionary post. Funny thing, I signed up for Teamviewer in 2010 and didn't get any mail from them other than for the initial email validation, but after reading about Teamviewer being hacked I've received four new contact requests, which were obviously people trying to hack my computer.

 

[DarkFlare69]

Good thing I don't have it installed on my PC, only on my phone.