CloudZ Malware Abuses Phone Link to Steal SMS OTPs
Cisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPs
SMS is used for login codes and alerts, but text messages can be intercepted, spoofed, or redirected through phone-account attacks.
Search across headline titles and summaries.
Background for this topic.
SMS (Short Message Service) is a standardized mobile-network service for sending short text messages between phone numbers. It is widely used for person-to-person communication, service notifications, and one-time authentication codes, but messages are generally not end-to-end encrypted and may be visible to mobile operators or infrastructure handling delivery.
Security concerns include smishing—phishing delivered by text—along with sender-ID spoofing, malicious links, and social engineering. Account recovery and SMS-based multi-factor authentication can also be undermined when an attacker takes control of a phone number through SIM swapping, abuses carrier processes, or exploits signaling-system weaknesses. Organizations should avoid treating SMS as a high-assurance authentication factor where stronger options are practical, restrict sensitive content in texts, monitor number-change and authentication events, and train users to verify unexpected messages through a trusted channel.
Weekly headline count for the current query.
Cisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPs
Espionage campaign exploits Israel-Iran conflict, distributing a trojanized Red Alert app via SMS
Juniper Research predicts a $9bn drop in losses to SMS fraud next year
New Android malware Qwizzserial has infected 100,000 devices, primarily in Uzbekistan, stealing SMS data via Telegram distribution
The FBI has warned about an ongoing smishing and vishing scheme using AI deepfakes to impersonate US officials
The UK government has announced that it will be replace its current SMS verification system with passkeys by the end of 2025
Indian banking malware attack exposes 50,000 users, stealing financial data via SMS interception and phishing
Fraudsters in UAE posed as Dubai Police, targeting citizens with fake fines via calls, emails and SMS
Xeon Sender features SMS spam via APIs, Nexmo/Twilio credentials validation and phone number generation
Discovered by Zimperium’s zLabs team, the SMS Stealer malware was found in over 105,000 samples
Two individuals are believed to have used a homemade mobile antenna to send thousands of SMS phishing messages
According to Enea, these campaigns use cloud storage platforms to host malicious websites, sending links via SMS to bypass firewalls
Telco EE warns of surge in text-based phishing messages as Christmas approaches
The move comes after threat actors compromised developers’ accounts
Small businesses are particularly vulnerable
Hackers discussed how to use stolen payment cards and bypass geo controls and SMS limitations
The action was prompted by the Android malware spreading aggressively through SMS around the world
The consultation will focus on legal mechanisms to restrict the use of Huawei in the UK's infrastructure due to national security concerns
Members intercepted SMS codes to access victim bank accounts
Extradition for tycoon suspected in $41m auto-subscription fraud scheme