
CloudZ RAT exploits Windows Phone Link to steal credentials and OTPs


Published 2026-05-06 08:34 UTC; updated 2026-05-06 15:00 UTC
Tags: malware, exploits, credential_theft, otp_theft, windows
Evidence trail (top sources)
CloudZ Malware Abuses Phone Link to Steal SMS OTPs
Infosecurity Magazine · News · infosecurity-magazine.com · 2026-05-06 15:00 UTC
Overview

Security researchers have disclosed a new malware threat involving the CloudZ RAT and its Pheno plugin, which exploits Microsoft Phone Link on Windows devices. This plugin monitors active Phone Link connections to intercept SMS OTPs and notifications, enabling attackers to steal credentials and potentially bypass two-factor authentication. The discovery by Cisco Talos and others underscores the evolving tactics of threat actors leveraging legitimate system features for malicious purposes.

Entities
Cisco Talos, Microsoft, CloudZ RAT, Pheno plugin
Score total: 1.19
Momentum 24h: 3
Posts: 3
Origins: 3
Source types: 1
Duplicate ratio: 0%
Why now
  • Recent discovery highlights an active and emerging malware campaign.
  • CloudZ RAT's new plugin represents a novel attack vector on Windows devices.
  • Timely awareness can help mitigate risks before widespread exploitation occurs.
Why it matters
  • Attackers can steal SMS-based OTPs, undermining two-factor authentication security.
  • Exploitation of legitimate Windows Phone Link feature shows evolving malware tactics.
  • Users and organizations relying on Phone Link should be aware of this new threat.
LLM analysis
Topic mix: low; Promo risk: low; Source quality: medium
Recurring claims
  • CloudZ RAT with Pheno plugin abuses Microsoft Phone Link to steal SMS OTPs and credentials
How sources frame it
  • The Hacker News: neutral
  • Infosecurity Magazine: neutral
  • SC Media: neutral
This report consolidates recent findings on CloudZ RAT's abuse of Windows Phone Link to steal credentials and OTPs, emphasizing the importance of vigilance against evolving malware techniques.
All evidence
CloudZ Malware Abuses Phone Link to Steal SMS OTPs
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-06 15:00 UTC
CloudZ RAT plugin targets Windows Phone Link for possible OTP theft
SC Media · scworld.com · 2026-05-06 13:26 UTC
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
thehackernews · thehackernews.com · 2026-05-06 08:34 UTC
Top publishers (this list)
  • Infosecurity Magazine (1)
  • SC Media (1)
  • thehackernews (1)
Top origin domains (this list)
  • infosecurity-magazine.com (1)
  • scworld.com (1)
  • thehackernews.com (1)