Malware campaign abuses Microsoft Phone Link to intercept SMS OTPs on Windows
Updated · Computerworld · May 5
First seen in January 2026, the CloudZ RAT and Pheno plugin target synced phone data on PCs rather than infecting mobile devices, Cisco Talos researchers said.
Talos said attackers can access Phone Link's local SQLite data, monitor active sessions, steal credentials and authenticator notifications, and bypass MFA from compromised enterprise Windows endpoints.
The intrusion reportedly begins with a fake ScreenConnect update, uses persistence and anti-analysis checks, and prompted Talos to publish indicators of compromise, malware hashes and Snort rules.
Is the convenience of syncing your phone with Windows now a hidden gateway for hackers to steal your credentials and bypass two-factor authentication?
With CloudZ exploiting trusted apps and AI-driven phishing on the rise, are current security tools and detection methods already outdated?
Could new habits or technologies make cross-device syncing safe again, or is the risk of attacks like CloudZ simply too great to ignore?