CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

Summary

A new variant of the CloudZ remote access tool (RAT) has been discovered that incorporates a malicious plugin named Pheno. The plugin abuses Microsoft's Phone Link application to intercept and steal sensitive information, including SMS messages and one-time passwords (OTPs), from connected mobile devices.

IFF Assessment

FOE

The discovery of a new malware variant that actively steals sensitive user data and authentication codes represents a direct threat to individuals and organizations.

Defender Context

This development highlights the growing sophistication of malware that targets inter-device communication features such as Microsoft Phone Link. Defenders should be aware of this threat and educate users about the risks of connecting untrusted devices or installing unverified applications that might leverage such integrations.
