A new version of the CloudZ malware, using a plugin named Pheno, abuses Microsoft Phone Link to steal SMS messages and one-time passwords (OTPs) from paired mobile devices without compromising the phones themselves: Phone Link syncs the phone's messages to the Windows host, so malware running on that host can read them. The campaign has been active since at least January 2026, and researchers recommend using alternative authentication methods to reduce the risk.
For defenders, the takeaway is that SMS-delivered OTPs can be harvested from a compromised Windows endpoint when Phone Link is paired, even if the mobile device is never touched. Mitigation is to move away from SMS-based OTPs toward phishing-resistant methods such as hardware security keys, and to add Cisco Talos' published indicators of compromise to detection and incident-response tooling.