The German software company behind TeamViewer, one of the most popular software in the world that allows users to access and share their desktops remotely, was reportedly compromised in 2016, the German newspaper Der Spiegel revealed today.
TeamViewer is popular remote-support software that allows you to securely share your desktop or take full control of other’s PC over the Internet from anywhere in the world. With millions of users making use of its service, TeamViewer has always been a target of interest for attackers.
According to the publication, the cyber attack was launched by hackers with Chinese origin who used Winnti trojan malware, activities of which have previously been found linked to the Chinese state intelligence system.
Active since at least 2010, Winnti advanced persistent threat (APT) group has previously launched a series of financial attacks against software and gaming organisations primarily in the United States, Japan, and South Korea.
The group is known for using supply chain attacks by infecting legitimate software or servers with malicious updates to install malware on end-users’ systems.
Once infected, Winnti downloads a backdoor payload on the compromised computers giving attackers the ability to remotely control the victims’ computers without their knowledge.
Der Spiegel criticized TeamViewer company for not disclosing the intrusion to the public to inform its customers, many of which are using the targeted software in businesses.
However, when The Hacker News contacted the company, TeamViewer said it discovered the cyber attack “in time” soon after detecting suspicious activities and took immediate action to “prevent any major damage.”
images from Hacker News