A newly discovered malware campaign is raising concerns among Windows users after researchers found it can access data from smartphones linked to PCs.
The attack reportedly targets Microsoft’s Phone Link feature, which syncs messages, calls and notifications between devices.
Hidden malware
According to Mezha, citing Cisco Talos researchers, the malware has been active since at least January 2026.
The campaign uses a remote access trojan known as CloudZ RAT along with a secondary plugin called Pheno.
Researchers said the infection may begin through a fake SmartConnect software update after attackers gain access to a system.
Phone Link danger
The malware reportedly focuses on devices connected through Microsoft Phone Link on Windows 10 and Windows 11.
Phone Link allows users to sync text messages, notifications, calls and files directly to their computers.
Cisco Talos researchers said attackers were particularly interested in SMS messages and one-time verification codes.
Passwords at risk
Once installed, the malware reportedly establishes an encrypted connection with remote servers controlled by attackers.
CloudZ can also extract browser credentials stored on the infected computer.
The Pheno plugin then scans Phone Link data stored locally on the PC and sends the information back to the attackers.
Why it matters
Cybersecurity experts have warned that deeper integration between phones and computers can create new security risks.
Apps designed for convenience may also expose highly sensitive information if a system becomes infected.
That can include login credentials, private messages and authentication codes.
Bigger picture
The discovery comes as Microsoft continues expanding Android and Windows integration features.
Future Windows updates are expected to add even more syncing tools between smartphones and PCs.
Researchers say users should avoid suspicious downloads and carefully verify software updates before installing them.
Sources: Mezha, Cisco Talos