Hackers have breached the systems of many users via TeamViewer, though the company denies responsibility. That is, it denies that the company has suffered a breach.
Users stated on Reddit that systems were accessed remotely and without authorization. The intruders tried to steal from PayPal accounts and make purchases through eBay and other sites. Attacks were carried out using browsers that were set to remember log-in credentials for regularly used online services.
Many users thought that TeamViewer had been hacked or that a vulnerability in the remote access app had been exploited. The vendor ruled out these possibilities and suggested that the attacks probably relied on leaked passwords, and on the fact that many users employ one password for multiple log-ins.
The reuse of passwords could be the vulnerability behind these attacks. Hundreds of millions of log-in details from LinkedIn and Myspace have been leaked in the past. This has encouraged waves of take-over attempts since; Reddit last week reset 100 000 passwords after detecting take-over attempts.
“TeamViewer is safe to use, because TeamViewer has proper security measures in place including end-to-end encryption to prevent man-in-the-middle attacks, anti-brute-force means, and more,” TeamViewer said in a release, “unfortunately, users are still using the same password across multiple user accounts with various suppliers. While many suppliers have proper security means in place, others are vulnerable”.
The company advised users to set unique and strong passwords and to enable two-factor authentication (2FA) on their accounts.
TeamViewer also had a service outage on Wednesday, and some thought it might be linked. The company clarified in a statement that this incident was caused by a DDoS attack targeting its DNS servers, but was not connected with individuals getting hacked.
The app is quite a popular choice for exploits. The remote access tool has been used in a number of different, persistent threats, both for espionage and by cyber-criminals. In May, Russian security firm Dr.Web noted the use of a trojan that uses TeamViewer files (avicap.32.dll) to allow the malware to run automatically in an OS. They named the malware BackDoor.TeamViewer.49.
Whatever the truth behind this wave of attacks, passwords should be hardened, changed regularly, and NEVER used for multiple applications.