Automatically translated.View original post

The CloudZ malware makes use of the Microsoft Phone Link.

The CloudZ malware took advantage of the Microsoft Phone Link, sucking SMS from the company computer.

Short Message Service (SMS) smuggling by malware does not happen on the phone alone, because now using a tool to connect a mobile phone to a computer, hackers can easily steal data through a computer, as in this case.

According to a report by the website, CSO Online has mentioned remote-controlled malware detection, or the RAT (Remote Access Trojan) called CloudZ, and a Pheno plug-in that has the ability to collaborate to steal mobile phone data through tools to connect mobile phones, both iOS and Android, to computers like Microsoft Phone Link. This tool is often used on a large enterprise (Enterprise) level, as it allows employees to see notifications, messages and incoming calls to phones connected to a computer through this application. And the key to This software is that all data received through this software is recorded on a local computer, and this is a weakness that malware and plugins use to steal data from mobile phones.

In order to access the victim's system, the research team from Cisco Talos, which detected the malware, said that the carrier is not clear what the hacker uses as a carrier or how to access the victim, but it is clear that the first file that the hacker tricked into running (Execution) is a file that claims to be an update of a Remote Desktop tool called ScreenConnect. The file is a loader file written in Rust and called "systemupdating.exe," which, after running, will be loosened from the Loader malware file written on the basis of. NET descends again disguised as a Text file in the System folder of the Windows body. This .NET Loader will use the Anti-Analysis tool to detect the system before unlocking the real CloudZ malware. The CloudZ malware is decrypted and runs on the In-Memory Execution, making it difficult to detect by the detector.

At the same time, the first Loader malware will create Persistence on the malware with a Task Scheduling under the name "SystemWindowsApis." It will be timed to run every time it is launched and upgraded to Privilege with the use of the Windows tool called regasm.exe.

After the CloudZ malware has successfully embedded itself into the system, the malware will immediately contact the C2 or Command and Control server via the Encryption channel to retrieve the necessary functions - Credential Harvesting, File Operation, and Remote Command Execution. In addition, the second set of Configuration has been downloaded from the C2 server.

One of the key tools in this campaign is a malware plugin called Pheno, which can scan whether a Phone Link is in use on the victim's computer by scanning for a process called "YourPhone," "PhoneExperienceHost," or "Link to Windows," and log the operation of the software recorded on the device. If it is detected, the plugin will flags that the phone Link is in use and send the data back to the hackers to use the CloudZ malware to steal the data of the mobile phone sent on the phone. Link is saved as an SQLite database file. The stolen data spans SMS messages, one-time passwords, and OTP, and authentication information on the authentication application used by the victim's mobile phone.

# microsoft # Trending # lemon 8 diary # cloudz # freedomhack

5/29 Edited to

... Read moreในยุคที่เทคโนโลยีก้าวหน้า การใช้งานเครื่องมือเชื่อมต่อระหว่างโทรศัพท์มือถือและคอมพิวเตอร์ เช่น Microsoft Phone Link กลายเป็นเรื่องธรรมดาสำหรับองค์กรขนาดใหญ่เพื่อความสะดวกในการทำงาน แต่สิ่งนี้กลับกลายเป็นช่องทางให้มัลแวร์อย่าง CloudZ โจมตีขโมยข้อมูลส่วนตัวที่สำคัญอย่างไม่น่าเชื่อ จากประสบการณ์การทำงานในสาย IT Security ผมเองเคยเจอปัญหาคล้าย ๆ กับแคมเปญนี้ คือการที่มัลแวร์ถูกฝังตัวผ่านโปรแกรมที่ดูเหมือนถูกต้อง เช่นอัปเดตซอฟต์แวร์ จากนั้นจึงแฝงตัวเพื่อสร้างความคงทนบนระบบและขโมยข้อมูลอย่างเงียบ ๆ ซึ่งโดยเฉพาะในองค์กรที่มีการใช้ Phone Link เพื่อรับส่งข้อความและแจ้งเตือนจากโทรศัพท์บนคอมพิวเตอร์ ความเสี่ยงต่อการถูกขโมยข้อมูล SMS และ OTP จึงสูงมาก มัลแวร์ CloudZ แข็งแกร่งด้วยการใช้เทคนิค In-Memory Execution ที่ซ่อนตัวในหน่วยความจำ ทำให้เครื่องมือป้องกันบางตัวตรวจจับได้ยาก และมีปลั๊กอิน Pheno ที่สแกนตรวจสอบการใช้งาน Phone Link เพื่อเก็บข้อมูล SQLite database ไฟล์บนเครื่องทันที ข้อมูลที่ถูกขโมยครอบคลุมตั้งแต่ SMS, รหัสผ่านใช้ครั้งเดียว ไปจนถึงข้อมูลยืนยันตัวตนในแอป authenticator ซึ่งอาจนำไปสู่การถูกแฮ็กบัญชีหรือข้อมูลสำคัญอื่น ๆ ได้ ในฐานะผู้ดูแลระบบหรือผู้ใช้เอง มีข้อควรระวังที่น่าสนใจคือ การติดตั้งโปรแกรมจากแหล่งที่เชื่อถือได้เท่านั้น ควรตรวจสอบไฟล์ที่รันหรืออัปเดตซอฟต์แวร์ด้วยความระมัดระวัง และใช้ซอฟต์แวร์ป้องกันมัลแวร์ที่อัปเดตอยู่เสมอ รวมถึงจำกัดสิทธิ์การเข้าถึงระบบให้เหมาะสม ส่วนในระดับองค์กร ควรมีมาตรการตรวจสอบและเฝ้าระวังการทำงานของโปรเซสที่เกี่ยวข้องกับ Phone Link และสแกนหามัลแวร์อย่างสม่ำเสมอ พร้อมทั้งฝึกอบรมพนักงานให้รับรู้ถึงความเสี่ยงและวิธีป้องกันภัยไซเบอร์เบื้องต้น เพื่อป้องกันไม่ให้แฮกเกอร์เข้าถึงข้อมูลสำคัญผ่านช่องทางนี้ได้อย่างง่ายดาย ด้วยวิธีการเหล่านี้ แม้เทคโนโลยีจะพัฒนาขึ้นรวดเร็ว แต่เราก็ไม่ควรละเลยความปลอดภัยของข้อมูลส่วนตัวและข้อมูลขององค์กร เพื่อป้องกันความเสียหายที่อาจเกิดขึ้นจากมัลแวร์ CloudZ และภัยคุกคามที่ซับซ้อนอื่น ๆ ในอนาคต

Related posts

A young woman with long dark hair, wearing a pink satin shirt, smiles at the camera while sitting at a table. Overlay text reads: 'Tools and sites I use as a cybersecurity student to progress my skills and keep me interested in studying'.
A screenshot of 'The Hacker News' website, displaying various cybersecurity news articles from January 2025, including topics like vulnerabilities, malware, cyber espionage, and AI jailbreak methods. An ad for Zscaler and a banner for CIS Hardened Images are also visible.
A screenshot of the O'Reilly learning platform, showing various books and expert playlists related to AI, engineering, and data. Overlay text highlights the subscription cost ($50/month or $499/year) and its value for accessing books and live events.
Tools and sites I use as a cybersecurity student 🌸
#cybersecuritystudent #cybersecurity #techgirlie
LexiStudies

LexiStudies

111 likes

The things we do for our kids 🙃 #needoh #hunting #squishy #fidgettoys #shopwithme
L E X 🍒

L E X 🍒

230 likes

A person with dark curly hair and tattoos lies on a pink pillow. Text overlays read 'Smell Like Me Pretty Girl Edition,' surrounded by decorative flowers and candies.
A hand holds a blue fragrance mist bottle. Text describes its scent notes, including vanilla orchid, sugar, violet, and sandalwood, and characteristics like a light, airy, vanilla, and floral aroma that lasts all day.
A hand holds a pink fragrance bottle. Text details its scent notes, including orchid, heliotrope, tangerine, tropical fruits, vanilla, musk, and sandalwood, and describes it as a sweet, tropical lotion with a large scent bubble.
Feminine Fragrance Recommendations🌸🩷
Smell like a feminine, flirty, bubbly little fairy princess🧚🏽‍♀️ 🌸Products🌸 (all available on Amazon😊) 🧚🏽‍♀️ Sol de Janeiro 59 🧚🏽‍♀️ Yara by Lattafa 🧚🏽‍♀️ Mondaine by Paris Bleu 🧚🏽‍♀️ Tooty Musk by Al Rehab 🧚🏽‍♀️ Ekhtjari by Lattafa 🧚🏽‍♀️ Sofia by Sofia Vergara 🧚🏽‍♀️ Lost in Ink by Oakc
Zoe🧚🏽‍♀️🌙

Zoe🧚🏽‍♀️🌙

460 likes

Vanilla Chocolate Shower Routine
Please let me smell like this all year round 🤌💕🤗 #vanilla #vanillashowerproducts #vanillashowerroutine #vanillashower #smells like vanilla
ItsMaria | body care & perfume

ItsMaria | body care & perfume

461 likes

MeetNDaCloudz

MeetNDaCloudz

1 like

Windows Tools - Part 1: Task Manager
💻 Windows Tools Every IT Professional Should Know 🩷 Part 1: Task Manager Task Manager is one of the first tools many IT professionals learn to use—and for good reason. Whether you’re troubleshooting a slow computer, investigating high resource usage, reviewing startup applications, monitorin
ITwDee

ITwDee

10 likes

These Skittles Cloudz are dangerously good ☁️🍬 Soft, chewy, and packed with fruity flavor. Would you try them? 👀 #CandyTok #SkittlesCloudz #SkittlesCloudz #SnackReview #SweetTreats
Elle Drea

Elle Drea

198 likes

Wonluv>3

Wonluv>3

1 like

#lemon8dairy #tiktok #cloudz2cloudy #followme
Cloudy2

Cloudy2

0 likes

✨🖇️📁🗂️💻📚📓
#lawschool #studywithme #whatsinmybag #whatsinmyschoolbag #work
claudz

claudz

8 likes

MeetNDaCloudz

MeetNDaCloudz

1 like

MeetNDaCloudz

MeetNDaCloudz

1 like

LOCKDOWN😂
This had me CRYING🤣 #gaming #fyp #foryoupage #kickcommunity
CptCloudz

CptCloudz

4 likes

A digital background with circuit patterns and binary code features a glowing shield with an open padlock. Orange text boxes read 'ANTIVIRUS 2026: TOP 4 PICKS.' and '2 PAID VS. 2 FREE. WHICH IS BEST?'. A robotic arm is visible, symbolizing the cybersecurity theme of comparing antivirus software.
The great anti virus software battle of 2026! 🤺
Is your computer actually “Safe”, or just “Scanned”? 🚨🛡️ In 2026, antivirus software has split into two camps: Proactive security suites (paid) that use behavior-based protection to stop modern malware before execution — and reactive scanners (free) that mostly clean up after the damage is done
ByteSized Cyber

ByteSized Cyber

2 likes

Can’t wait for the exhaust and insta 360 to show up for you guys
1xCloudz

1xCloudz

3 likes

Education
Education on the spotting of scams #embracevulnerability #unfiltered #Lemon8Diary #lemon8bookclub #healthylifestyle2024
Dragonak1754

Dragonak1754

8 likes

Makeup of the day under $10 ✨ Favorites brands
#lemon8challenge #makeupoftheday I love these products because they are cheap and amazing quality. I don’t know why I found these gems before 😍😍😍 The setting spray by Wet n Wild smells delicious 🌸 #cheapmakeupideas #inexpensivemakeup #drugstoremakeupfavorites
Gabriela Figueroa

Gabriela Figueroa

26 likes

#soulmate
#iwilltryforsure💯 #fyp
H&M hustle&Motivation

H&M hustle&Motivation

1 like

“Him that overcometh will I make a pillar in the temple of my God, and he shall go no more out: and I will write upon him the name of my God, and the name of the city of my God, which is new Jerusalem, which cometh down out of heaven from my God: and I will write upon him my new name.” ‭‭Revelatio
MeetNDaCloudz

MeetNDaCloudz

2 likes

What to offer as a SMM? 📲
Knowing that my days/weeks are never 100% the same makes me happy! Including client work, I also: 📱I assisted an e-commerce startup by sharing my marketing tips with them so they have a successful launch! 📱Created and designed business cards for a local company. 📱And also had someone re
Bria | Social, Design, & AI

Bria | Social, Design, & AI

12 likes

External Hard Drive Showing Empty? How to Fix?
Plugged in your external hard drive but found it empty? Here are a few easy fixes you can try! If your files are lost, use AOMEI FastRecovery to bring them back. Giveaway license code: code.aomeitech.com Discount code: Special30OFF  #externalharddrive #recovery #harddrive #empty
SmoothTechie

SmoothTechie

1 like

Best Winter Soldier NA
#marvel #marvelrivals #gaming #editing #funny
Runawaydaddy

Runawaydaddy

9 likes

You need to check out these 5 FPS coming in 2025!
#gettoknowme #fyp #gaming #gamer #Lemon8Diary
ClouDzFTW

ClouDzFTW

1 like

Arena Breakout
We share loot☺️ #fyp #gaming #followers #gamer #trending
CptCloudz

CptCloudz

4 likes

Making a yogurt bowl Yaaay! ✨🌸
Make sure to follow me on Instagram @strawberry_cloudz456! #yogurtbowls #lifestyle #vlogs #trending #viral
Lindsey ☆

Lindsey ☆

3 likes

A layered image features a black and white classical sculpture of a man wrestling a serpent, overlaid with 'I REFUSE TO LOSE.' The background shows a lush, fantastical garden and ancient ruins, while layers above and below reveal a starry night sky and a dark water body with floating petals.
“For we wrestle not against flesh and blood, but against principalities, against powers, against the rulers of the darkness of this world, against spiritual wickedness in high places.” ‭‭Ephesians‬ ‭6‬:‭12‬ ‭KJV‬‬ “And he said unto them, I beheld Satan as lightning fall from heaven. Behold, I g
MeetNDaCloudz

MeetNDaCloudz

4 likes

Yah our creator
MeetNDaCloudz

MeetNDaCloudz

0 likes

watch the whole video like share and follow me
#fypシ
John Damico

John Damico

1 like

Just wanted this to be the first vid I post
#fyp #foryoupageofficiall #edits #newpost
Cloudz.

Cloudz.

1 like

Come with me to pick out candy we can’t get in the US #travel #australia
Sophia

Sophia

13 likes

what he mean by that #fuslie #ludwig #valkyrae #squeex #fyp
Leslie

Leslie

2 likes

Fruity Floral Products
Where are my fruity floral girlies at #floralperfume #fruityperfume #fruityscents #bodycareproducts #perfumes
ItsMaria | body care & perfume

ItsMaria | body care & perfume

24 likes

Replying to @pinkcloudz is @Dove Beauty & Personal Care amino curl repair really for the curly/coily girls?? #doveaminocurlrepair #dovehair #naturalhairtiktok
aprilbasi | chemist

aprilbasi | chemist

8 likes

Install Windows 11 Fast — Bootable USB Creation
Windows 10 support has officially ended — now’s the perfect time to move to Windows 11! Learn how to create a Windows 11 bootable USB from an ISO with our step-by-step guide. #TechTips #learnonlemon8 #windows11 #fyp #windows
Moon Bureau

Moon Bureau

5 likes

See more