Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
ID: f91374a1-8574-5bb3-853b-be6a35354a8c
STIX ID: report--f91374a1-8574-5bb3-853b-be6a35354a8c
Feed Name: Dark Reading
Cisco Talos describes an ongoing campaign in which attackers deliver the CloudZ RAT and a novel Pheno plug-in to Windows machines to abuse the Phone Link (Your Phone) cross-device sync. This enables interception of SMS messages and OTPs from paired mobile devices without deploying mobile malware. Researchers observed deployment artifacts, provided IoCs and detection guidance, and warned that this can enable 2FA bypass.
