Skip to main content

Remote access software TeamViewer has been spying on us for decades

teamviewerSince its introduction, TeamViewer has been looked upon with some suspicion by the more paranoid Internet users out there. After all,if the software exists with the primary purpose of allowing group meetings with remote access to other people’s computers from anywhere in the world, what’s to say that someone else couldn’t use it for some downright evil mischief?

Now, there’s evidence to suggest that such skepticism was well-founded. A blog post from the Laboratory of Cryptography and System Security in Budapest, Hungary, claims it has uncovered “an ongoing high profile targeted attack affecting our home country” that appears to center around misuse of TeamViewer software.

“A distinct feature of the attack is the abuse of the legitimate TeamViewer remote access tool,” the blog writes. It appears that infected computers originally had “clean” versions of the TeamViewer software installed before they were modified afterward, allowing third parties to gain remote access to machines without their users’ knowledge. This means hackers would be able not only to observe (and record) keystrokes used by the legitimate users, but could also install further malware on the machines without detection.

“The collected evidence suggest[s] that attacks have been carried out in multiple campaigns,” the post continues, suggesting that the malware attacks predate the use of TeamViewer. The CrySyS lab traced attacks to as far back as 2010 definitively, but believes that hackers have started earlier, estimating a number in double digits in terms of how many have been carried out.

Nonetheless, the group believes that those behind the TeamViewer abuse have also been behind other similar attacks, noting that the “TeamBot/Sheldor campaign” – a cyber campaign against financial institutions – may have its roots in the same source.

It’s not just Hungary that finds itself faced with this problem, either. “The telemetry revealed additional high-profile victims outside Hungary,” the blog post notes. “Indeed, multiple victims were found in Iran, including victims at http://www.sashiraz.co.ir, which is an electronics company with government background.” Other international victims of the attacks include multiple research and educational groups in France and Belgium, an electronics manufacturer with government connections in the Middle East and a NATO state embassy in Russia. Additionally, an industrial manufacturer in Russia has also been compromised.

At this time, it remains unknown where the attacks originated from. Some tools used in the attacks ran to an unknown host on a subnet. Interestingly enough, the CrySyS lab team has also tracked other tools to hosts belonging to the Ministry of Foreign Affairs of Uzbekistan. But the most obvious question remains: Why Hungary, of all places?

Graeme McMillan
Former Digital Trends Contributor
A transplant from the west coast of Scotland to the west coast of America, Graeme is a freelance writer with a taste for pop…
How to easily log in to multiple Gmail accounts at once
woman sitting and using laptop

Have you found yourself rapidly accumulating Gmail accounts? Between work, school, and any personal accounts you may have created, it's completely reasonable to have three (or more) Google accounts that need to be checked regularly.

Read more
The best MasterClass courses for 2024
The MasterClass logo against a dark background.

Learning a new skill, art, or craft is a great way to expand your horizons, and even increase your value as a creator or within your career. There are a lot of online learning platforms out there to help you grow, but few are as universally recognized as MasterClass.

MasterClass is a streaming platform that offers online classes taught by some of the biggest names in their respective fields. With a subscription you’ll get access to the full library of MasterClass courses, which includes a huge variety of subjects such as food, writing, music, wellness, and home & lifestyle.

Read more
How to recall an email in Gmail on mobile and desktop
A person sitting at a desk, in front of a computer monitor with their head in their hands.

Sometimes the moment you hit send in Gmail you want to recall the message. We all make mistakes. Luckily, Google gets it and, just as you can recall an Outlook message, you can unsend a Gmail. In the past, you had to manually enable it, but now it’s on by default.

Here’s how to make the most of it.

Read more