Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Briefly

"According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims' credentials and potentially one-time passwords (OTPs)."
"What makes the attack novel is that CloudZ uses the custom Pheno plugin to hijack the established PC-to-phone bridge by abusing the Microsoft Phone Link application."
"The findings demonstrate how legitimate cross-device syncing features can expose unintended attack pathways to credential theft and help bypass two-factor authentication."
"Unknown threat actors have been observed attempting to leverage the application using CloudZ RAT and Pheno to confirm Phone Link activity on a victim environment."
Cybersecurity researchers have documented an intrusion that pairs the CloudZ RAT with a custom plugin, Pheno, to steal credentials. Rather than infecting the phone, the malware abuses Microsoft Phone Link on an already compromised Windows host: it first confirms that Phone Link is active in the victim environment, then hijacks the established PC-to-phone bridge and reads the SQLite database in which Phone Link stores synchronized phone data. That gives the attacker access to the victim's SMS messages, and potentially to one-time passwords (OTPs), without any malware on the mobile device, which is enough to help bypass SMS-based two-factor authentication. The case shows how a legitimate cross-device syncing feature can become an unintended path to credential theft. The campaign has been active since at least January 2026 and has not been attributed to a known threat actor.
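The practical question for defenders is how to spot a process other than Phone Link reading Phone Link's local sync store. The following hunting script is an added example and is not code from The Hacker News article or from the CloudZ/Pheno research; it assumes that Phone Link's desktop process is PhoneExperienceHost.exe installed under the Store's WindowsApps directory, and that its synced data lives in SQLite files under %LOCALAPPDATA%\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\Indexed\ (verify both on your own build). The record format and all sample events are constructed to resemble file-access telemetry.

```python
"""Hunt for processes other than Phone Link reading Phone Link's synced-data store.

Added example, not code from the article or the CloudZ/Pheno research.
Assumptions (verify on your own Windows build):
  * Phone Link's desktop process is PhoneExperienceHost.exe, installed under
    C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_<version>__8wekyb3d8bbwe\\
  * its synced messages/notifications/contacts are SQLite files under
    %LOCALAPPDATA%\\Packages\\Microsoft.YourPhone_8wekyb3d8bbwe\\LocalCache\\Indexed\\...
The event format (time|user|image|target) and every sample event are constructed.
"""
import re
from dataclasses import dataclass

PHONELINK_PACKAGE = "Microsoft.YourPhone_8wekyb3d8bbwe"          # assumed package family name
PHONELINK_PROCESS = "phoneexperiencehost.exe"                    # assumed process name
PHONELINK_INSTALL_HINT = "\\windowsapps\\microsoft.yourphone_"   # assumed Store install dir

# Match the SQLite main file and its WAL/SHM/journal side files under the Phone Link cache.
DB_PATH_RE = re.compile(
    r"\\Packages\\" + re.escape(PHONELINK_PACKAGE)
    + r"\\LocalCache\\Indexed\\.*\.db(?:-wal|-shm|-journal)?$",
    re.IGNORECASE,
)


@dataclass
class FileEvent:
    time: str
    user: str
    image: str    # full path of the accessing process
    target: str   # file that was opened/read


def parse_event(line: str):
    """Parse one constructed 'time|user|image|target' record; None if malformed."""
    parts = line.rstrip("\r\n").split("|")
    if len(parts) != 4:
        return None
    return FileEvent(*parts)


def process_name(image: str) -> str:
    """Lower-cased file name of the process image."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_phonelink_db(path: str) -> bool:
    return DB_PATH_RE.search(path) is not None


def classify(ev: FileEvent):
    """Return a reason string if the access is suspicious, else None.

    Two things are flagged: any foreign process touching the sync database, and a
    same-named PhoneExperienceHost.exe running from outside the Store install
    directory (masquerading).
    """
    if not is_phonelink_db(ev.target):
        return None
    if process_name(ev.image) != PHONELINK_PROCESS:
        return "foreign process read Phone Link sync database"
    if PHONELINK_INSTALL_HINT not in ev.image.lower():
        return "PhoneExperienceHost.exe running outside its Store install directory"
    return None


def suspicious_accesses(lines):
    """Return [(event, reason)] for every suspicious record in the input."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        reason = classify(ev)
        if reason:
            hits.append((ev, reason))
    return hits


# Constructed sample telemetry: one benign Phone Link write, one unrelated file,
# two reads by an unknown binary in AppData\Roaming, one masquerading copy.
_DB = r"C:\Users\alice\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\Indexed\abc123\System\Database"
SAMPLE_EVENTS = [
    r"2026-01-14T09:02:11Z|CORP\alice|C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24.0.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe|" + _DB + r"\phone.db-wal",
    r"2026-01-14T09:02:40Z|CORP\alice|C:\Windows\explorer.exe|C:\Users\alice\Documents\notes.txt",
    r"2026-01-14T09:03:05Z|CORP\alice|C:\Users\alice\AppData\Roaming\svc\update.exe|" + _DB + r"\phone.db",
    r"2026-01-14T09:03:06Z|CORP\alice|C:\Users\alice\AppData\Roaming\svc\update.exe|" + _DB + r"\notifications.db",
    r"2026-01-14T09:10:00Z|CORP\alice|C:\Users\Public\PhoneExperienceHost.exe|" + _DB + r"\phone.db",
]

if __name__ == "__main__":
    for ev, reason in suspicious_accesses(SAMPLE_EVENTS):
        print(f"{ev.time} {ev.user} {ev.image} -> {ev.target}: {reason}")
```

Feed it real file-access events (for example Sysmon Event ID 11 or object-access auditing on the Indexed directory) in the same four-field shape, and extend PHONELINK_INSTALL_HINT if your Store install path differs. The masquerading check matters because a RAT that copies the real binary or renames itself would otherwise pass a name-only allowlist.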
Read at The Hacker News