Malware | Cyber Insider
8.0 CRITICAL

CloudZ malware hijacks Microsoft Phone Link to intercept SMS and OTPs

📅 5 May 2026 at 10:07 UTC | 📰 Cyber Insider
A new malware campaign abuses Microsoft’s Phone Link app to intercept sensitive mobile data, including one-time passwords (OTPs), without compromising the phone itself. The attack centers on a modular malware toolkit called CloudZ RAT and a previously undocumented plugin for it, named “Pheno,” which enables attackers to monitor synchronized smartphone data directly from a victim’s …

🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview

The CloudZ malware campaign hijacks the Microsoft Phone Link app to intercept SMS messages and OTPs, exploiting a legitimate Windows feature without compromising the phone itself.

⚙️ Technical Details
Affected Systems
- Windows 10
- Windows 11
Attack Vectors
- Malicious executable disguised as ScreenConnect update
- Rust-based loader via scheduled task ('SystemWindowsApis') and regasm.exe
💥 Impact Assessment
Severity: high
Who Is at Risk
- Users with Microsoft Phone Link app installed on Windows 10 or 11
🛡️ Recommended Actions
1. Review whether Phone Link is necessary in the environment and disable it if not
2. Use multi-factor authentication methods that do not rely on SMS, such as hardware tokens or app-based push notifications
3. Regularly review system logs for suspicious activity related to Phone Link
📦 Affected Products
- Microsoft Phone Link

This is a curated summary. The complete article is available at Cyber Insider.