Knock, Knock


Knock, knock.         Who’s there?
Woo.           Woo who?
Glad you’re excited, too!


Greetings!  With April gone, we have successfully passed the 1/3 mark for 2025.  Time flies when you are having fun! 

I’m a huge fan of learning from someone else’s mistakes.  I taught my kids to watch what their friends were doing and if they didn’t like the outcome, then don’t repeat the behavior that led up to the outcome.  If they did like the outcome, then replicate the behavior.  With that in mind, here are a couple of things that happened in April.

Malware is masquerading as Zoom.  I think there are a couple of variations to this.  My firsthand knowledge is with a customer who thought he was downloading a Zoom link.  The antivirus gave it a green light.  Fortunately, our EDR (Endpoint Detection and Response) stopped it cold.  Everything about it looked like a Zoom download, but when it executed it attempted to do nefarious things.  Fortunately, I can’t give you details concerning what would have happened next, because EDR stopped it.  EDR also shut down the internet on that computer and closed all network connections to protect all other devices in the environment.  Once the environment was secured, they texted me, emailed me and called me to alert me to the problem.  Cleaning up the compromised environment was not what I had scheduled for the day, but I am so thankful for the opportunity to clean up.  I’ve been in similar situations without the benefit of EDR, and I can assure you, cleanup is much easier and much faster than recovery!  Cleanup took about an hour.  Recovery can take days!

The next day, Malwarebytes sent out an announcement concerning Zoom video conferencing (https://www.malwarebytes.com/blog/news/2025/04/zoom-attack-tricks-victims-into-allowing-remote-access-to-install-malware-and-steal-money).  The condensed version is:  a bad actor, tracked as Elusive Comet, lures the victim into a Zoom video call.  They never show their face.  They get the victim to allow remote access.  Once access is granted, they install “tools” to infiltrate the victim’s accounts and steal their money.

To prevent this from happening to you, don’t install the Zoom app.  If you truly need to attend a Zoom meeting, do so in the browser.  When the Zoom meeting invite opens, it will push you to download the app, with a smaller link to join from your browser instead (read the fine print).  The browser client has less functionality, and one of the things it cannot do is hand another participant remote control of your workstation.  If you must keep the desktop app, turning off “Remote control” in your Zoom account settings removes the same capability, and in any case never approve a remote-control request from someone who won’t show their face.

Malwarebytes also alerted me to a Gmail attack.  I don’t have firsthand experience with this, and I would prefer not to get firsthand experience.  Please look closely.

In short, the target received an email that appeared to come from Google and pointed him to a lookalike Google support page.  From the Malwarebytes write-up (Nick is the intended victim who spotted the scam): “As a computer savvy person, Nick spotted that the official site should have been hosted on accounts.google.com and not sites.google.com. The difference is that anyone with a Google account can create a website on sites.google.com. And that is exactly what the cybercriminals did.”

To protect yourself from these scams:

· Don’t click on links in unsolicited emails

· Double-check who sent the email and where its links actually point (hover over a link before you click it).  Does it look legit?

· Don’t use your Google Account or Facebook Account to log in to random sites.  Instead, create an account for the service itself.
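Here is a small added check, written for this page and not taken from the Malwarebytes post or from Google, that does what Nick did by hand: it looks at the host name a link really points at, not at the text of the link.  The lists of “official” and “user-published” Google hosts, the punycode host and the sample links are all constructed for illustration; the real lists are longer.

```python
# Added example for this newsletter, not code from Malwarebytes or Google.
# It checks where a link really points, the way Nick did: the host name,
# not the text of the link, decides whether a page is Google's own.
from urllib.parse import urlsplit

# Assumption: only these hosts count as Google's own account pages here.
OFFICIAL_GOOGLE_HOSTS = {"accounts.google.com", "myaccount.google.com"}

# Hosts on which anyone with a Google account can publish their own pages,
# so a google.com name proves nothing about who wrote the page.
USER_PUBLISHED_HOSTS = {"sites.google.com"}


def classify_link(url: str) -> str:
    """Return a short verdict for a link found in an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "malformed"
    # "https://accounts.google.com@evil.example/" puts the real host after the @.
    if parts.username is not None:
        return "suspicious: credentials before host"
    # Punycode or non-ASCII labels can imitate google.com with lookalike letters.
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    if host in OFFICIAL_GOOGLE_HOSTS:
        return "official"
    if host in USER_PUBLISHED_HOSTS:
        return "user-published"
    if host == "google.com" or host.endswith(".google.com"):
        return "other google"
    # e.g. accounts.google.com.security-check.example: google.com is only a prefix.
    if "google.com" in host:
        return "lookalike"
    return "external"


# Constructed sample links and the verdict each should get.
SAMPLE_LINKS = {
    "https://accounts.google.com/signin": "official",
    "https://sites.google.com/view/google-support-portal": "user-published",
    "https://accounts.google.com.security-check.example/": "lookalike",
    "https://accounts.google.com@sites.google.com/view/help": "suspicious: credentials before host",
    "https://xn--ggle-0nda.com/": "lookalike",
    "https://mail.google.com/mail/u/0/": "other google",
    "https://example.net/login": "external",
    "javascript:alert(1)": "malformed",
}


def run_samples() -> dict:
    """Classify every sample link; returns url -> verdict."""
    return {url: classify_link(url) for url in SAMPLE_LINKS}


if __name__ == "__main__":
    for url, verdict in run_samples().items():
        print(f"{verdict:40} {url}")
```

The verdicts only tell you which party controls the host (Google itself, any Google user, or an outsider); a plain typo-squat such as go0gle.com comes back as “external”, so you still have to compare the host against the one the real service uses, exactly as Nick did.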

Read the full story at: https://www.malwarebytes.com/blog/news/2025/04/all-gmail-users-at-risk-by-clever-replay-attack

If you want to replicate the good behavior with an inexpensive subscription to EDR, call me: 541-756-8770.  I would love to help you out.

Until next month, tell knock-knock jokes to your canine friends!

Janet

Because It Made Me Laugh!!
