Technology News
English Edition
  • Home
  • Apps
  • Apps News
  • CloudZ RAT Malware Could Exploit Microsoft Phone Link App to Access Messages and OTPs, Researchers Warn

CloudZ RAT Malware Could Exploit Microsoft Phone Link App to Access Messages and OTPs, Researchers Warn

Researchers say malicious actors could gain access to notifications, messages, and OTPs synced between an infected PC and a linked phone.

Written by Shaurya Tomer, Edited by David Delima | Updated: 6 May 2026 17:36 IST
CloudZ RAT Malware Could Exploit Microsoft Phone Link App to Access Messages and OTPs, Researchers Warn

Photo Credit: Microsoft

Phone Link is a mobile pairing application which comes preloaded on Windows 11

Click Here to Add Gadgets360 As A Trusted Source As A Preferred Source On Google
Highlights
  • The malicious campaign can intercept messages and OTPs
  • Researchers warn synced data is exposed on compromised Windows PCs
  • Experts urge users to update software only from verified sources
Advertisement

Microsoft's Phone Link app could become a target for threat actors if a connected Windows PC is infected with malware. According to security researchers, an ongoing campaign potentially targets victims with a remote access trojan (RAT) called CloudZ. It reportedly compromises systems and can intercept sensitive information synced between smartphones and PCs when using the Phone Link app. Researchers say the attack began earlier this year and raises concerns regarding notifications, messages, and one-time passwords (OTPs) synced between the phone and the PC.

What Is the CloudZ RAT Phone Link Attack?

According to cybersecurity researchers at Cisco Talos, threat actors are leveraging the Microsoft Phone Link app to access synced mobile data on a compromised Windows computer. The app, notably, serves as a bridge between smartphones and PCs, allowing users to access their phone's notifications, messages, and calls directly from their computers.

VoltPhone Link App Discussion
Explore More...

Researchers uncovered that attackers are deploying a modular malware called CloudZ RAT, along with an additional plugin named “Pheno.” As per the blog post, the plugin specifically scans systems for active Phone Link sessions and attempts to monitor related processes such as “YourPhone,” “PhoneExperienceHost,” and “Link to Windows.”

Once an active Phone Link connection is detected, attackers can potentially intercept the app's SQLite database files, including “PhoneExperiences-*.db,” which reportedly contains synced SMS messages, call logs, and notification history. Researchers say this could expose sensitive information such as OTPs and authentication notifications synced between a phone and PC.

How the CloudZ RAT Phone Link Attack Works

Talos says the intrusion chain begins with victims being tricked into installing what appears to be a legitimate ScreenConnect software update. The fake installer reportedly drops a malicious Rust-based loader disguised under filenames such as “systemupdates.exe” or “Windows-interactive-update.exe.”

Once executed, the loader installs an intermediate .NET component. This is said to eventually deploy the malicious CloudZ RAT malware onto the system. It can decrypt the configuration data, connect to attacker-controlled servers, and enter a command mode that is capable of downloading plugins and stealing information.

In simple terms, the fake update file, when opened, quietly installs another hidden program on the PC. This program then downloads and installs the CloudZ malware. Once active, the malware connects to servers controlled by hackers and waits for instructions. It can then download extra malicious tools, monitor activity on the device, and steal sensitive information from the infected system.

Researchers also noted that CloudZ uses several evasion techniques to avoid detection, including obfuscation and anti-debugging checks. It reportedly rotates user-agent strings to disguise malicious traffic within legitimate browser activity. The malware uses multiple fallback methods, including curl, PowerShell, and bitsadmin, to download payloads.

What Users Should Know

Researchers have warned that since Phone Link mirrors notifications and messages between devices, an infected PC could potentially expose private conversations, authentication alerts, and OTP codes synced from a phone. According to Talos, the malware reportedly stores gathered reconnaissance data in temporary staging folders before exporting it to attacker-controlled servers.

The Pheno plugin may also reportedly check if Phone Link is actively routing traffic through a local proxy connection before attempting to monitor synced data. Researchers recommend downloading software updates only from trusted sources and keeping antivirus protection enabled on their PCs to detect any suspicious activity.

Comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Phone Link App, Microsoft, Windows, cybersecurity
Shaurya Tomer
Shaurya Tomer
Shaurya Tomer is a Sub Editor at Gadgets 360 with 2 years of experience across a diverse spectrum of topics. With a particular focus on smartphones, gadgets and the ever-evolving landscape of artificial intelligence (AI), he often likes to explore the industry's intricacies and innovations – whether dissecting the latest smartphone release or exploring the ethical implications of AI advancements. In his free time, he often embarks on impromptu road trips to unwind, recharge, and ...More
Sony Xperia 1 VIII Price, Sale Date Reportedly Surface Online via Amazon Listing

Related Stories

CloudZ RAT Malware Could Exploit Microsoft Phone Link App to Access Messages and OTPs, Researchers Warn
Comment
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News
Turbo Read

Advertisement

Featured
Follow Us
Latest Videos
More Videos
Tech News in Hindi
More Technology News in Hindi

Advertisement

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Vivo X300 Ultra Debuts in India With 200-Megapixel Zeiss Cameras: See Price
  2. Vivo X300 FE With a 6,500mAh Battery Arrives in India at This Price
  3. CMF Watch 3 Pro With Up to 13 Days Battery Life Launched in India
  4. Here's How Much the Upcoming Sony Xperia 1 VIII Might Cost
  5. Infinix Note 60 Pro Review: Just Another Mid-Ranger?
  6. This Malware Can Exploit Phone Link App to Access Messages on Your Phone
  7. Coinbase CEO Says 14 Percent of Global Workforce Will Be Laid Off
#Latest Stories
  1. CloudZ RAT Malware Could Exploit Microsoft Phone Link App to Access Messages and OTPs, Researchers Warn
  2. Vaazha II: Biopic of a Billion Bros OTT Release Date: When and Where to Watch This Malayalam Drama Film Online
  3. Dacoit: A Love Story OTT Release Date: When and Where to Watch Adivi Sesh and Mrunal Thakur Starrer Online?
  4. Sony Xperia 1 VIII Price, Sale Date Reportedly Surface Online via Amazon Listing
  5. OpenAI Upgrades ChatGPT’s Default AI Model to GPT-5.5 Instant, Adds New Capabilities
  6. Oppo Reno 16 Pro Global Launch Could Follow Debut in China; BIS Listing Suggests It Will Also Come to India
  7. Vivo X300 FE Launched in India With Snapdragon 8 Gen 5 SoC, Zeiss-Tuned 50-Megapixel Camera: Price, Features
  8. Vivo X300 Ultra Launched in India With 200-Megapixel Zeiss Camera, Snapdragon 8 Elite Gen 5 SoC: Price, Specifications
  9. Apple's iOS 27 Update Said to Add Option to Choose Third-Party AI Providers for Siri
  10. Apple Agrees to Pay $250 Million Settlement to iPhone 16, iPhone 15 Pro Owners Over AI Claims
Gadgets 360 is available in
Follow Us
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.
Trending Products »
Latest Tech News »