Product
high
advisory
CloudZ RAT Abuses Microsoft Phone Link to Steal SMS and OTPs
2 rules 1 TTPA new version of the CloudZ RAT utilizes the Pheno plugin to hijack Microsoft Phone Link connections, enabling the theft of SMS messages and one-time passwords (OTPs) from victims' mobile devices.
Phone Link +2
cloudz
malware
rat
microsoft-phone-link
credential-theft
otp
sms
2r
1t
high
advisory
CloudZ RAT Abusing Windows Phone Link to Steal OTPs
2 rules 6 TTPsAn unknown attacker is using the CloudZ RAT and its Pheno plugin to hijack the Microsoft Phone Link application and intercept SMS and OTP messages from connected mobile devices, active since at least January 2026.
Windows 10 +2
cloudz
rat
pheno
phone-link
otp
credential-theft
2r
6t