CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
ATT&CK techniques detected
T1566.002 Spearphishing Link
45%
“CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. th…”
T1204.001 Malicious Link
45%
“confirmed Phone Link activity on the victim's machine, the attacker using the CloudZ RAT can potentially intercept the Phone Link application’s SQLite database file on the victim's machine, potentially compromising SMS-based OTP messages and other authenticator applicatio…”
T1557.001 Name Resolution Poisoning and SMB Relay
32%
“CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. th…”
Summary
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. [...]