Tushar Mehta / Android Authority
TL;DR Attackers are spreading CloudZ RAT via a fake ScreenConnect update that quietly installs malware.
The malware can steal browser credentials and even pull data from Microsoft Phone Link using a plugin, putting synced phone and PC data at risk.
If your PC is compromised, anything shared with your phone, including messages and OTPs, could be exposed. Installing software only from trusted sources is the only way to stay safe.
Microsoft Phone Link is designed to make your life easier by linking your phone to your PC. But a recent investigation (via Cisco Talos) shows how that same convenience can be exploited if things go wrong.
The researchers found an ongoing attack, active since January, in which hackers are installing a remote access tool called CloudZ RAT on Windows machines. It all starts in a way that barely raises suspicion. Victims are led to install what appears to be a routine ScreenConnect update, something most people wouldn’t think twice about, but it isn’t legitimate. The installer is fake; instead of updating anything, it installs a hidden program that pulls the actual malware.
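A defender-side check for the fake-update vector described above, as an added example that is not code from the article or from Cisco Talos: it refuses to approve an installer unless its Authenticode signature is valid and the signing certificate matches the publisher you expect. The file path and the `CN=<EXPECTED PUBLISHER>` pattern are placeholders, not values from the article.

```powershell
# Added example (not from the article or Cisco Talos): vet an "update" installer
# before running it. A fake update is usually unsigned, signed by an unknown
# party, or has a signature that no longer verifies. $ExpectedSubjectPattern is a
# placeholder regex; replace it with the real publisher's certificate subject.
function Test-TrustedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSubjectPattern
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = 'file not found' }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    # Anything other than Valid (NotSigned, HashMismatch, UnknownError, ...) fails here.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = "signature status: $($sig.Status)" }
    }
    # A valid signature from the wrong publisher is still the wrong installer.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch $ExpectedSubjectPattern) {
        return [pscustomobject]@{ Path = $Path; Trusted = $false; Reason = "unexpected signer: $subject" }
    }
    return [pscustomobject]@{ Path = $Path; Trusted = $true; Reason = "signed by $subject" }
}

# Usage with placeholder values (constructed, not from the article).
$result = Test-TrustedInstaller -Path 'C:\Users\Public\Downloads\ScreenConnect-update.exe' `
                                -ExpectedSubjectPattern 'CN=<EXPECTED PUBLISHER>'
if (-not $result.Trusted) {
    Write-Warning "Do not run $($result.Path): $($result.Reason)"
} else {
    Write-Output "OK: $($result.Reason)"
}
```

The check only proves who signed the file; it does not prove the file is the update you were expecting, so obtain installers from the vendor's own download channel rather than from a prompt or link.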
Once CloudZ is up and running, it starts behaving like a typical remote access trojan. It unlocks its configuration, connects to a remote server controlled by the attacker, and waits for instructions. From there, it can begin extracting sensitive data, including saved browser credentials, without raising obvious red flags.
This is where things take a more concerning turn. The malware downloads an additional plugin, reportedly called “Pheno,” that specifically targets Phone Link. It scans the app, collects related data, and stores it in a temporary folder. CloudZ then picks up that data and sends it back to the attacker’s server. What stands out here is how a feature meant to sync your devices can expose information across them if one side is compromised.