VYPR
Research · May 6, 2026 · 1 source

Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

A new campaign is leveraging the CloudZ RAT and a custom 'Pheno' plugin to exploit Windows Phone Link for credential and OTP theft.

Researchers have uncovered a campaign involving the CloudZ remote access trojan (RAT) and a previously undocumented plugin called Pheno. The attackers are specifically targeting the Windows Phone Link feature to facilitate unauthorized access and data theft.

The primary objective of this campaign is the theft of user credentials and one-time passwords (OTPs). By compromising the Phone Link integration, attackers can intercept sensitive authentication tokens, potentially bypassing multi-factor authentication protections [The Hacker News].

Users are advised to exercise caution when using Phone Link and to ensure that their systems are fully patched and protected by robust endpoint security solutions. Organizations should monitor for suspicious activity related to Phone Link and implement strict access controls to prevent unauthorized use of the feature.

Synthesized by Vypr AI