• Experts warn Microsoft Phone Link tool exploited by 'unknown thre

    From TechnologyDaily@1337:1/100 to All on Wednesday, May 06, 2026 17:45:28
    Experts warn Microsoft Phone Link tool exploited by 'unknown threat' to steal SMS and OTP info

    Date:
    Wed, 06 May 2026 16:35:00 +0000

    Description:
    A known RAT was given new capabilities in order to exfiltrate 2FA codes and more.

    FULL STORY ======================================================================

    - A new CloudZ plugin, Pheno, hijacks Microsoft Phone Link to steal SMS and OTPs from connected Android devices
    - This enables attackers to bypass 2FA without compromising the phone itself
    - The RAT retains full remote access capabilities, with researchers urging a shift away from SMS-based authentication

    A new version of the CloudZ remote access trojan (RAT) for Windows now comes with a new plugin that steals data from a connected Android device, experts have revealed.

    Security researchers Cisco Talos recently spotted the upgraded variant while investigating a breach that has been ongoing since January 2026.

    Windows 10 and 11 operating systems have a feature called Microsoft Phone Link, which allows users to connect their Android and iOS mobile devices to their computers. They can then use their computers to take and make calls, text people, and more, without needing to pick up the smartphone.

    Stealing 2FA and OTPs

    While it's definitely a handy feature to answer those group WhatsApp and Telegram messages, it is even more handy when the device is needed for two-factor authentication (2FA). However, this is precisely why CloudZ was introduced with a new plugin called Pheno.

    Which brings us to today.

    By hijacking the connection, the threat actors can easily exfiltrate not just credentials, but also temporary passwords that get sent to the mobile device
    - without needing to compromise the phone.

    Pheno works by monitoring for active Phone Link sessions and accessing the local SQLite database that contains SMS and one-time passwords (OTP).

    "With a confirmed Phone Link activity on the victim's machine, the attacker using the CloudZ RAT can potentially intercept the Phone Link application's SQLite database file on the victim's machine, potentially compromising SMS-based OTP messages and other authenticator application notification messages," Cisco Talos said.

    Other than that, CloudZ comes with all the usual RAT capabilities, such as tampering with files, executing shell commands, recording the screen, and more. It tries to hide its activity by rotating between three hardcoded user-agent strings, making HTTP traffic appear as legitimate browser
    requests.
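
    One way a defender could hunt for the user-agent rotation described above in web-proxy logs, as an added example that is not from Cisco Talos or the original article: flag a single host that presents three or more distinct user-agents to the same destination within a short window. The log layout, host names, user-agent strings and thresholds are constructed assumptions; the article does not list the actual strings.

```python
from collections import Counter, defaultdict, deque

# Constructed user-agent strings; the article does not publish the real ones.
UA = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0 Safari/537.36 Edg/124.0",
]

# Constructed proxy records: (epoch_seconds, source_host, destination, user_agent).
SAMPLE_LOG = (
    [(60 * i, "ws-014", "cdn.example.net", UA[i % 3]) for i in range(9)]       # rotates 3 UAs
    + [(60 * i, "ws-022", "intranet.example.org", UA[0]) for i in range(9)]    # one browser
    + [(60 * i, "ws-031", "news.example.com", UA[i % 2]) for i in range(9)]    # two browsers
    + [(7200 * i, "ws-040", "mail.example.com", UA[i % 3]) for i in range(9)]  # 3 UAs, hours apart
)


def find_ua_rotation(records, min_agents=3, min_requests=6, window_s=600):
    """Return {(source, destination): [user agents]} for pairs where one host
    sent at least min_requests requests using at least min_agents distinct
    user-agents to the same destination inside a window_s-second window."""
    by_pair = defaultdict(list)
    for ts, src, dst, ua in records:
        by_pair[(src, dst)].append((ts, ua))

    flagged = {}
    for pair, events in by_pair.items():
        events.sort()
        window, counts = deque(), Counter()
        for ts, ua in events:
            window.append((ts, ua))
            counts[ua] += 1
            # Expire requests older than the window before evaluating it.
            while ts - window[0][0] > window_s:
                _, old_ua = window.popleft()
                counts[old_ua] -= 1
                if counts[old_ua] == 0:
                    del counts[old_ua]
            if len(window) >= min_requests and len(counts) >= min_agents:
                flagged[pair] = sorted(counts)
                break
    return flagged


if __name__ == "__main__":
    for (src, dst), agents in find_ua_rotation(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {len(agents)} user-agents in rotation")
```

    Shared or NAT'd source addresses will also trip this heuristic, so key on a per-endpoint identifier where the proxy provides one and tune the thresholds against baseline traffic.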

    Cisco Talos was not able to determine how the victims got infected by CloudZ but warned that users should avoid SMS-based OTP services and should instead use authenticator apps that don't require interceptable push notifications.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/experts-warn-microsoft-phone-link-tool-exploited-by-unknown-threat-to-steal-sms-and-otp-info


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)