
"The attack does not target the mobile device itself. Instead, it exploits the trust relationship between phones and Windows PCs by monitoring data mirrored through the Phone Link application."
"CloudZ utilizes the custom Pheno plugin to hijack the established PC-to-phone bridge by abusing the Microsoft Phone Link application, allowing the plugin to continuously scan for active Phone Link processes and potentially intercept sensitive mobile data like SMS and OTPs without deploying malware on the phone."
"This was with the intention of stealing victims' credentials and potentially one-time passwords (OTPs), making the intrusion notable to enterprise defenders."
A malware campaign identified in January 2026 uses a trojan called CloudZ and a Pheno plugin to intercept SMS-based one-time passwords from Windows systems. This attack leverages the Microsoft Phone Link feature, allowing attackers to harvest credentials and capture authentication codes synced from smartphones. The method does not target mobile devices directly but exploits the trust relationship between phones and PCs. This technique is significant for enterprise security as it bypasses traditional multi-factor authentication methods by extracting codes from compromised Windows systems.
Read at Computerworld