Your Phone Link setup on Windows could be at risk from this Trojan
Source: Android Authority

TL;DR
- Attackers are spreading CloudZ RAT via a fake ScreenConnect update that quietly installs malware.
- The malware can steal browser credentials and even pull data from Microsoft Phone Link using a plugin, putting synced phone and PC data at risk.
- If your PC is compromised, anything shared with your phone, including messages and OTPs, could be exposed. Sticking to software from trusted sources is the only way to stay protected.

Attack Overview
Microsoft Phone Link is designed to make your life easier by linking your phone to your PC. A recent investigation (via Cisco Talos) shows how that convenience can be exploited.
Researchers discovered an ongoing campaign, active since January, in which hackers deliver a remote‑access tool called CloudZ RAT to Windows machines. The infection chain begins with a fake ScreenConnect update. Victims are prompted to install what appears to be a routine update, but the installer is malicious and drops a hidden program that fetches the actual malware.
Once installed, CloudZ RAT:
- Connects to a command‑and‑control server controlled by the attacker.
- Extracts sensitive data such as saved browser credentials.
- Downloads an additional plugin—named “Pheno”—that specifically targets Microsoft Phone Link.

Impact on Phone Link
The Pheno plugin scans the Phone Link application, collects data (including synced messages, notifications, and one‑time passwords), and stores it in a temporary folder. CloudZ then exfiltrates this data to the attacker’s server. Consequently, if the PC side of the Phone Link connection is compromised, any information shared between the phone and PC can be intercepted.
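
A defender-side example of the behaviour described above, added here and not taken from the article or from Cisco Talos: it scans file-audit records for a process outside the Phone Link install directory that reads Phone Link data and then writes into a Temp folder. The folder prefixes, the normalized record fields and every sample event are assumptions constructed for illustration.

```python
# Assumed locations (not from the article); adjust to your environment.
PHONE_LINK_DATA = "\\appdata\\local\\packages\\microsoft.yourphone_"
PHONE_LINK_INSTALL = "c:\\program files\\windowsapps\\microsoft.yourphone_"
TEMP_DIR = "\\appdata\\local\\temp\\"

def staged_phone_link_reads(events):
    """Flag processes that read Phone Link data and later write to Temp.

    events: chronological dicts with 'time', 'process', 'path' and
    'access' ('read' or 'write'), a normalized form of file-audit records.
    """
    readers = {}   # untrusted process path -> first Phone Link file it read
    findings = []
    for ev in events:
        proc, path = ev["process"].lower(), ev["path"].lower()
        # Trust by install directory, not file name: a copy of the host
        # binary's name in another folder must not be allowlisted.
        if proc.startswith(PHONE_LINK_INSTALL):
            continue
        if PHONE_LINK_DATA in path and ev["access"] == "read":
            readers.setdefault(proc, ev["path"])
        elif TEMP_DIR in path and ev["access"] == "write" and proc in readers:
            findings.append({"time": ev["time"], "process": ev["process"],
                             "source": readers[proc], "staged": ev["path"]})
    return findings

# Constructed sample events (not real telemetry).
DB = r"C:\Users\a\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\phone.db"
SAMPLE_EVENTS = [
    # Genuine Phone Link host process reading its own data: ignored.
    {"time": "10:00:01", "access": "read", "path": DB, "process":
     r"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe"},
    # Same file name from a user-writable folder: not trusted.
    {"time": "10:02:10", "access": "read", "path": DB,
     "process": r"C:\Users\a\AppData\Roaming\upd\PhoneExperienceHost.exe"},
    {"time": "10:02:11", "access": "write",
     "path": r"C:\Users\a\AppData\Local\Temp\stage\phone.db",
     "process": r"C:\Users\a\AppData\Roaming\upd\PhoneExperienceHost.exe"},
    # Unrelated Temp write with no prior Phone Link read: ignored.
    {"time": "10:03:00", "access": "write",
     "path": r"C:\Users\a\AppData\Local\Temp\cache.tmp",
     "process": r"C:\Program Files\Browser\browser.exe"},
]

if __name__ == "__main__":
    for hit in staged_phone_link_reads(SAMPLE_EVENTS):
        print(hit["time"], hit["process"], "->", hit["staged"])
```

Records like these are only produced when file-access auditing or an EDR sensor covers the Phone Link data folder, so the check depends on that telemetry being enabled first.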

Recommendations
- Download software only from trusted sources. Verify updates through official vendor channels.
- Maintain active threat detection. Keep antivirus and anti‑malware solutions up to date so suspicious activity is flagged early.
- If you suspect an infection:
  - Disconnect the affected device from the network.
  - Stop syncing it with other devices until the issue is resolved.
  - Run a full system scan and follow remediation steps provided by your security software.
While the risk does not require abandoning Phone Link altogether, treating it as a completely risk‑free feature is unwise. Staying vigilant and ensuring your PC remains clean are essential to protecting the data shared across your devices.