link icon
Ask The Community

Unauthorized Remote Access...from TeamViewer?

Good morning, I happened to be up early this morning and watched as my computer woke up and started logging in to my banking websites (saved browser passwords are a curse). As soon as I touched the mouse, the session disconnected (shocking). I haven't gotten any "authorize computer" emails that weren't mine. I have since changed my password and activated 2FA. I do not (and have not) have easy access on.

I looked in the TeamViewer logs and saw this at the correct time:

2021/04/21 05:43:33.961 4448 4944 S0  CommandHandlerRouting[4]::CreatePassiveSession(): incoming session via, protocol Tcp

2021/04/21 05:43:34.081 4448 4944 S0  CTcpConnectionBase[8]::ConnectEndpoint(): Connecting to endpoint

That IP appears to be owned by Teamviewer.

If this is actually legitimate Teamviewer usage, then there is NO reason to be opening my browser and accessing ANYTHING. If it isn't, that's another matter, but I'd like to think I've protected my Teamviewer account decently.