* Posts by JZMatrix

1 publicly visible post • joined 3 Jun 2016

TeamViewer denies hack after PCs hijacked, PayPal accounts drained

JZMatrix

Re: Nope, Teamviewer is the tool, not the source

I was one of the 'lucky' folks to wake up Friday (05/27) only to find my inbox filled with various online orders placed mere hours before; in fact, they were logging out of my computer moments before I walked into my home office. No trojans were installed on my machines, it appears as though they either had the legit credentials for my TV account, or acquired them through whatever means (I hate to imply inside job, but..., especially with people stating 2FA configured but still breached). That particular night was a one-off where my workstation wasn't locked for the evening, which was my downfall.

The 'hackers' used 2 China-based IPs to connect (based on TV's logs), though I have suspicions those are proxy addresses and may have been US based, or affiliated with people physically in the US as well.

Reviewing the tracks they took, they were very direct and went right for what they wanted. eBay (using their own account, it seems), PayPal (sent themselves money from both of mine to a qq.com email address), Amazon (to order non-tangible/non-traceable items), same with Target and Walmart. Once they finished their rounds, they logged off, probably either reviewing their take, or trying the next system(s) on their list.

My systems are behind a separate firewall, so they didn't directly access the machine and went in through the TV system itself. Once they were in the account they tried each machine on my account until they found unlocked systems (there were 2 this evening) and went through roughly the same playbook on both.