Press release 05/27/2016
Press contact

Press & media representative

Axel Schmidt

Phone: +49 (0) 7161 60692 395
E-Mail: press (at) teamviewer.com

Statement on the appearance of the Windows Trojan BackDoor.TeamViewer.49

 

Göppingen/Germany, May 27, 2016. Recently, some news coverage about a Windows Trojan BackDoor.TeamViewer.49 installing TeamViewer on infected computers surfaced. We strongly condemn any criminal activity and want to emphasize the following three aspects:

  1. A malware program installs TeamViewer via an Adobe Flash update on already breached computers.
  2. TeamViewer has investigated the case internally and affirms that there is no security breach within TeamViewer.
  3. Downloads from the official TeamViewer website are not affected.

The real issue seems to be the installation of a malware program via the installation over a manipulated Adobe Flash player update. With the installation of the malware program, TeamViewer will be installed on the remote side. Resuming, the current situation unfolds as follows: The aforementioned malware is spread via another malware named Trojan.MulDrop6.39120 which is a forged update of Adobe Flash Player.

The executable file of Trojan.MulDrop6.39120 installs the player on Windows. Meanwhile, it covertly saves TeamViewer, BackDoor.TeamViewer.49, and a necessary configuration file on the disc. During the installation, a legitimate installer window of Flash Player is displayed. When users install this malicious Flash Player update, they get a legitimate Flash version, but also the Trojan.MulDrop6 Trojan, which secretly installs TeamViewer on the victim's computer.

TeamViewer emphasizes the following aspects:

  • The real issue is the installation of a malware program: Once a system is infected, perpetrators can virtually do anything with that particular system – depending on how intricate the malware is it can capture the entire system, seize or manipulate information, and so forth.
  • There is no TeamViewer security breach: The depicted scenario is a heinous abuse of TeamViewer’s software. We have no evidence that the code of our software has been affected in any way.
  • The perpetrators spread TeamViewer through a malware. This does not make TeamViewer a malware or vulnerable program. In fact, this procedure can be applied to any number of legitimate programs such as TeamViewer.

Regular TeamViewer installations are not affected by this particular scam, and do not represent a security issue.

TeamViewer strongly recommends:

  • Users should avoid all affiliate or adware bundles: While users may think they are just downloading a harmless program, the software could in fact install something else.
  • Users ought to download TeamViewer only through the official TeamViewer channels such as the TeamViewer website https://www.teamviewer.com.
  • Users should make sure to have reliable anti-malware and security solutions in place at all times.

The TeamViewer support team is happy to answer any potential technical issues or queries at: https://www.teamviewer.com/en/support/contact/submit-a-ticket/

TeamViewer recommends that users who have been the victim of criminal activities get in touch with their local police departments, in order to report their case. This is particularly important because TeamViewer is subject to very strict data protection and privacy regulations, and can release sensitive data only to authorized individuals and authorities.

 

About TeamViewer

Founded in 2005, TeamViewer is fully focused on the development and distribution of high-end solutions for online communication, collaboration and remote monitoring of IT systems. Available in over 30 languages and with more than 200 million users worldwide, TeamViewer is one of the world’s most popular providers of remote control and online meeting software. airbackup, a powerful cloud-based backup solution, and ITbrain, a valuable remote monitoring and IT asset tracking solution, complement TeamViewer’s product portfolio.

For more information, visit: www.teamviewer.com
Follow us on Twitter at @TeamViewer and on our blog at blog.teamviewer.com.

TeamViewer GmbH
Jahnstr. 30
73037 Göppingen