VMTech · Instagram

CloudZ RAT Exploits Phone Link to Steal Credentials and OTPs

Colleagues: Cisco Talos described a CloudZ RAT campaign with a Pheno plugin that intercepts SMS and OTP via Microsoft Phone Link without compromising the phone.

- What happened: a malicious executable deploys a .NET loader and the Pheno plugin; the plugin reads Phone Link data (SQLite).
- Risks: credential and OTP theft, 2FA bypass, exfiltration from the staging folder.
- Mechanism: C2 communication, module loading, collection of browser data and Phone Link logs.
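One check a defender can run against endpoint file-access telemetry, as an added example that is not part of the post or of the Talos report: flag any process other than Phone Link's own host process that touches the Phone Link SQLite store. The package path (`Microsoft.YourPhone_8wekyb3d8bbwe`), the host process name (`PhoneExperienceHost.exe`) and the Sysmon-like event format are assumptions for the example, not details taken from the page; the log lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumptions, not taken from the post: Phone Link (the YourPhone package) keeps
# its synced SMS, notification and contact data in SQLite files under the
# package's LocalCache directory, and in normal operation only
# PhoneExperienceHost.exe opens them.
PHONE_LINK_DB = re.compile(
    r"\\Packages\\Microsoft\.YourPhone_8wekyb3d8bbwe\\.*\.db(?:-wal|-shm|-journal)?$",
    re.IGNORECASE,
)
ALLOWED_READERS = {"phoneexperiencehost.exe"}


@dataclass(frozen=True)
class Finding:
    process: str
    path: str
    reason: str


def parse_event(line: str) -> dict:
    """Parse one key="value" event line (constructed, Sysmon-like field names)."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def check_event(event: dict) -> Optional[Finding]:
    """Flag an access to a Phone Link database by a process that is not on the allowlist."""
    path = event.get("TargetFilename", "")
    if not PHONE_LINK_DB.search(path):
        return None
    image = event.get("Image", "")
    proc = image.rsplit("\\", 1)[-1].lower()
    if proc in ALLOWED_READERS:
        return None
    reason = "non-allowlisted process accessed Phone Link SQLite store"
    # A reader launched from the user's temp directory is a stronger signal
    # than an unknown reader alone (loader staging, as described for this campaign).
    if "\\appdata\\local\\temp\\" in image.lower():
        reason += "; image runs from user temp directory"
    return Finding(proc, path, reason)


def scan(lines) -> list:
    """Run check_event over a sequence of event lines and collect the findings."""
    findings = []
    for line in lines:
        finding = check_event(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample events, not real telemetry. The first is the legitimate
# host process; the second is an unknown binary in %TEMP% reading the same store.
SAMPLE_LOG = [
    r'EventType="FileAccess" Image="C:\Program Files\WindowsApps\Microsoft.YourPhone_<version>\PhoneExperienceHost.exe" TargetFilename="C:\Users\alice\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\Indexed\GUID\System\Database\phone.db"',
    r'EventType="FileAccess" Image="C:\Users\alice\AppData\Local\Temp\svchost.exe" TargetFilename="C:\Users\alice\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\Indexed\GUID\System\Database\phone.db"',
    r'EventType="FileAccess" Image="C:\Windows\explorer.exe" TargetFilename="C:\Users\alice\Documents\notes.txt"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.process}: {f.reason} ({f.path})")
```

The allowlist is deliberately narrow: backup agents or forensic tools that legitimately read these files should be added explicitly rather than by loosening the path pattern, so that any .NET loader or plugin copying the database to a staging folder still stands out.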

Why it matters: device synchronization features open new vectors for credential theft.

What mitigation measures should be prioritized? #cybersecurity #endpointsecurity #CloudZ #PhoneLink