Tuesday , July 14 2026
Zoom Update

ALERT
Zoom Update Scam Hits 1,437 Windows Users in 12 Days

A fake Zoom update scam infected 1,437 Windows users globally in 12 days. Attackers used a fraudulent version of Teramind, a genuine employee monitoring tool, to spy on victims. Microsoft Defender for Endpoint detected the campaign on February 11, 2026.

Teramind issued an official statement confirming no ties to the attackers. “We have no affiliation with these threat actors and did not authorize any such deployment,” the company said in a blog post dated February 25, 2026. Malwarebytes detailed the scam in their February 24 report, noting its reliance on social engineering over complex code.

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection
                                                           A fake Zoom website (Source – Malwarebytes)

The scam originates from uswebzoomus[.]com/zoom/, which perfectly imitates a Zoom waiting room. It alerts attackers when someone enters. Fake participants, such as Matthew Karlsson, James Whitmore, and Sarah Chen, join with chimes and repeated audio.

Only real user clicks activate this feature, while bots and scanners completely overlook it. A fake network issue banner shows up, causing audio stuttering and video freezing. Users mistakenly blame their own devices.

A pop-up appears after ten seconds, demanding an update. There’s a countdown with no option to close it. When it reaches zero, it quietly downloads malware. A fake Microsoft Store screen distracts while the file is saved in Downloads, without asking for permissions.

Attack Mechanics:

The malware file is zoom_agent_x64_s-i(__941afee582cc71135202939296679e229dd7cced)(1).msi. Its SHA-256 hash is 644ef9f5eea1d6a2bc39a62627ee3c7114a14e7050bafab8a76b9aa8069425fa. VirusTotal showed no flags from Microsoft Defender at discovery.

Attackers have misused Teramind’s stealth mode without needing custom code. The installer hides in out_stealth builds, renames itself to dwm.exe, and is located in C:\ProgramData{4CEC2908-5CE4-48F0-A717-8FC833D8017A}. A tsvchst service guarantees it stays active.

It collects the PC name, user account, keyboard language, and locale. The data is sent to the attacker’s servers. It logs keystrokes, takes screenshots, tracks web activity, and monitors the clipboard and files.

Detection and Removal Steps: 

Scan with updated antivirus like Microsoft Defender or Malwarebytes.
Check for C:\ProgramData{4CEC2908-5CE4-48F0-A717-8FC833D8017A}.
Look for tsvchst service in Task Manager or services.msc. Stop and delete if found.
Run full system scan in safe mode.
Reset browser and clear Downloads folder.
If infected, assume compromise. Change passwords from a clean device. Report to IT for work machines.

Prevention Tips for Zoom Update Scams:

Launch Zoom from desktop app, not browser links.
Type zoom.us directly. Verify URLs.
Ignore pop-ups. Check official site for updates.
Enable MFA on accounts. Use EDR like Microsoft Defender for Endpoint.
Train on phishing: Fake meetings often rush or frustrate.

UPDATE (February 28, 2026): Teramind has stated that it is not affiliated with the threat actors described and did not authorize the deployment of the software referenced. 

Check Also

Tenda

CERT/CC Alerts to Hidden Admin Backdoor in Tenda Router Firmware

Several Tenda firmware versions have a hidden backdoor that lets people gain admin access to …