Unauthorized Remote Access...from TeamViewer?
Good morning, I happened to be up early this morning and watched as my computer woke up and started logging in to my banking websites (saved browser passwords are a curse). As soon as I touched the mouse, the session disconnected (shocking). I haven't gotten any "authorize computer" emails that weren't mine. I have since changed my password and activated 2FA. I do not (and have not) have easy access on.
I looked in the TeamViewer logs and saw this at the correct time:
2021/04/21 05:43:33.961 4448 4944 S0 CommandHandlerRouting::CreatePassiveSession(): incoming session via CA-MON-IBM-R006.teamviewer.com, protocol Tcp
2021/04/21 05:43:34.081 4448 4944 S0 CTcpConnectionBase::ConnectEndpoint(): Connecting to endpoint 184.108.40.206:5938
That IP appears to be owned by Teamviewer.
If this is actually legitimate Teamviewer usage, then there is NO reason to be opening my browser and accessing ANYTHING. If it isn't, that's another matter, but I'd like to think I've protected my Teamviewer account decently.