About a month and a half ago, reports began surfacing of TeamViewer users being hijacked. Most of these surfaced around 30-05-2016 to 02-06-2016, although there are some reports dating back to mid-June. The logs note that most of these computers were accessed through TeamViewer, with IP addresses originating from a Chinese VPN, using a method known as “Custom Password”. TeamViewer has refused to explain what method causes that entry to appear in the logs. On the hijacked computers, the saved passwords were stolen; the intruders then opened Chrome/Internet Explorer to attempt to send coupons or vouchers to China through Amazon or PayPal, or abused any of the saved passwords while logged into the machines.
Only a few of these computers were accessed through simple dictionary attacks against the default 4-number password, which could be cracked in 23 hours of brute forcing. Due to the nature of TeamViewer, this password only resets when the application is restarted, which isn’t that often.
A decent number of the intrusions also appear to coincide with the 01-06-2016 denial-of-service attack on TeamViewer’s authentication servers. TeamViewer denies any knowledge of a security issue and has maintained that the users are at fault for the issues they have experienced. TeamViewer’s legal team has forced some article publishers to alter their statements about TeamViewer to cover this up.
Most of these reports are unverified in a sense, as they are claims posted on a potentially anonymous forum and cannot be verified. However, they are in such a high volume that some potential truth can be gleaned from the info.