![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
theweaselkingTeamviewer has been hacked and is being targeted by thieves who are logging in, stealing bank information, and installing ransomware.
If you have Teamviewer, uninstall it immediately and check all your shit.
If you have Teamviewer, uninstall it immediately and check all your shit.
(no subject)
Date: 2016-06-02 12:39 pm (UTC)(no subject)
Date: 2016-06-03 01:37 am (UTC)There is zero proof of this. So far i've found the following suggested;
1. False flash update that re-writes Teamviewer's ini file.
2. Poisoned Full Client from an unknown - but major - download site (not teamviewer.com).
3. Trojan - http://vms.drweb-av.de/virus/?_is=1&i=8161714
4. Pretty much uniform password re-use and known site hacks with people's emails being listed on https://haveibeenpwned.com/
1 and 2 are fairly bad - but aren't actually compromising Teamviewer. 3 is a generic Trojan that is utilising Teamviewer. 4 is the most likely.
Now that isn't to say Teamviewer's security model is super great - If you have an ID and a Password, you have console access to a PC. If the machine is not locked at idle (or TV Session end) this will give a user access into the server/workstation with the current users credentials/privileges.
I've requested that they remove the requirement for an unattended password, and link it to an Auth'd TV account - and require that the TV account is auth'd via 2FA. This has been taken on board by their feature team (hah!).