- Cisco Talos discovered an intrusion, active since at least January 2026, in which an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.”
- Based on the functionality of the CloudZ RAT and the Pheno plugin, the intent was to steal victims’ credentials and potentially one-time passwords (OTPs).
- CloudZ utilizes the custo...
CloudZ RAT potentially steals OTP messages using Pheno plugin | Huntaegis