Malware
May 6, 2026
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
Attackers abuse Windows Phone Link to deploy CloudZ RAT and the Pheno plugin, stealing texts and bypassing 2FA.
Summary
Attackers are leveraging the Windows Phone Link application—a legitimate Windows-based bridge connecting PCs to Android smartphones—to deploy the CloudZ RAT malware and a new plugin called Pheno. The attack chain allows adversaries to intercept SMS messages and bypass two-factor authentication mechanisms. These attacks are difficult to detect due to the legitimate nature of the Phone Link application.
Indicators of Compromise
- malware — CloudZ RAT
- malware — Pheno
Entities
- Windows Phone Link (product)
- CloudZ RAT (product)
- Pheno (product)
- Microsoft (vendor)