TL;DR
- Attackers are spreading CloudZ RAT via a fake ScreenConnect update that quietly installs malware.
- The malware can steal browser credentials and even pull data from Microsoft Phone Link using a plugin, putting synced phone and PC data at risk.
- If your PC is compromised, anything shared with your phone, including messages and OTPs, could be exposed. Installing software only from trusted sources is the only way to stay safe.
Microsoft Phone Link is designed to make your life easier by linking your phone to your PC. But a recent investigation (via Cisco Talos) shows how that same convenience can be exploited if things go wrong.
The researchers found an ongoing attack, active since January, in which hackers are installing a remote access tool called CloudZ RAT on Windows machines. It all starts in a way that barely raises suspicion. Victims are led to install what appears to be a routine ScreenConnect update, something most people wouldn’t think twice about, but it isn’t legitimate. The installer is fake; instead of updating anything, it installs a hidden program that pulls the actual malware.