CloudZ RAT Exploits Microsoft Phone Link for OTP Interception — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team ·
Severity: HIGH
CloudZ RAT Scam in India 2026: How Cybercriminals Exploit Microsoft Phone Link to Steal Your OTP
A rising cyber threat in India involves the CloudZ Remote Access Trojan (RAT), which cybercriminals use to intercept your OTPs through Microsoft Phone Link, putting your UPI and bank accounts at high risk.
What Is the CloudZ RAT / Microsoft Phone Link OTP Interception Scam?
The CloudZ RAT scam is a sophisticated cyberattack targeting Indian smartphone users who connect their Android devices to Windows PCs using Microsoft’s Phone Link feature. This feature is designed to sync messages, calls, and notifications between your phone and computer for convenience. However, fraudsters have discovered how to misuse it to gain unauthorized access to your OTPs (One-Time Passwords) — the key security step in many financial transactions, including UPI payments.
This scam primarily targets Indian internet users active on social platforms like WhatsApp and Facebook, where scammers identify potential victims. The grooming process may last days or weeks, building trust before tricking victims into clicking malicious phishing links. These links, disguised as messages from trusted brands or government services, prompt victims to unknowingly grant scam apps notification and message access. Once inside, scammers easily intercept OTPs used for banking, Aadhaar authentication, and more.
In India, where UPI transactions are skyrocketing and mobile banking is widespread, this scam poses a high risk (severity 7/10). Authorities like CERT-In (Indian Computer Emergency Response Team) and the I4C (Indian Cybercrime Coordination Centre) have flagged such RAT-based threats as emerging concerns. Meanwhile, RBI has reiterated that no legitimate entity will ever ask for your OTP or personal banking credentials over calls or messages, emphasizing user vigilance.
How This Scam Works — Step by Step
- Initial Contact: Scammers reach out via WhatsApp or Facebook Messenger with casual or urgent messages that may seem familiar or official. Examples include fake “bank alerts,” “UPI approval assistance,” or “tech support” messages.
- Phishing Link Shared: The victim receives a link cleverly disguised as something useful, such as “Login to verify account” or “Claim your prize.” Clicking it downloads an app or prompts approval requests.
- Permission Granting: Victims unknowingly give access to notifications and messages on their Android device, often without realizing the full extent of permissions.
- Microsoft Phone Link Exploitation: Once the phone is synced with a Windows PC using Microsoft Phone Link, the attacker remotely accesses OTP notifications and messages in real time.
- OTP Interception & Fraud: Using intercepted OTPs, scammers quickly authorize fraudulent UPI payments, mobile recharge scams, or even Aadhaar-linked account verifications.
- Monetary Loss: Within minutes or hours, victims notice unauthorized bank debits, often struggling to reverse UPI payments due to the instantaneous nature of transactions.
- Further Social Engineering: Sometimes scammers continue manipulating victims emotionally, pretending to help with “account recovery” or requesting more details, deepening the breach.
Real Warning Signs to Watch For
- Unexpected WhatsApp or Facebook messages with urgent calls to action involving your bank or Aadhaar.
- URLs in messages that don’t match official website addresses or contain misspellings.
- Requests to install apps or allow device permissions unrelated to the service claimed.
- Unfamiliar pop-ups seeking access to notifications or SMS on your phone.
- Sudden prompts to link your Android device with a Windows PC via Phone Link without your initiation.
- OTP messages appearing on your computer screen without you opening apps or banking portals.
- Unexplained notifications about UPI payments or bank alerts on the wrong device.
What Happens to Victims
Victims of the CloudZ RAT scam in India often suffer immediate financial loss as scammers drain bank accounts through UPI or mobile wallets. Since UPI transactions are nearly instant, reversing fraudulent debits is challenging—victims must rely on quick reporting and bank intervention. Additionally, identity theft through Aadhaar misuse and SIM swap scams can worsen the damage, as scammers combine access to OTPs with personal identification to create new fraud avenues.
Emotionally, victims face stress, anxiety, and sometimes social embarrassment—especially if scam funds are withdrawn or exchanged across accounts. Many lose trust in digital payments and hesitate to use online banking after such incidents. This exploit also highlights the vulnerability of everyday users who trust their connected devices but lack awareness of how such RAT malware operates.
What RBI and CERT-In Say
The Reserve Bank of India (RBI) and CERT-In have repeatedly warned users about the rise of RAT malware and OTP interception scams. RBI’s 2024 advisories urge users never to share OTPs, passwords, or CVV details over phone calls, texts, or social media. They emphasize using official banking apps and continuously monitoring bank statements for suspicious transactions.
CERT-In, through I4C, maintains a 24x7 cybercrime helpline (phone: 1930). They recommend installing apps only from trusted sources (Google Play Store) and avoiding unknown links from messaging apps. Moreover, CERT-In advocates for disconnecting the Microsoft Phone Link connection if unusual notification or message behavior is noticed. Both bodies encourage reporting cyber fraud immediately to minimize losses and aid investigation.
How to Protect Yourself
- Avoid Clicking Unverified Links: Don’t open links from unknown or suspicious WhatsApp/Facebook messages.
- Check App Permissions Carefully: Never grant notification or SMS access without understanding why.
- Review Microsoft Phone Link Settings: Disable syncing if you don’t actively use this feature or link devices.
- Use UPI Transaction Limits: Set lower per-transaction limits via your bank or UPI app.
- Keep Software Updated: Regularly update Windows, Android OS, and antivirus apps to patch vulnerabilities.
- Enable Two-Factor Authentication (2FA): Use bank apps that offer additional verification beyond OTP.
- Be Wary of Unsolicited Tech Support Calls: Banks and government agencies never ask for your OTP or banking info over calls.
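The protection step that matters most technically is knowing which apps hold notification access, since that is the permission the scam app tricks victims into granting. The script below is an added example, not code from BharatSecure or Microsoft: it parses the value Android stores for enabled notification listeners and flags any package not on an allowlist you maintain. It assumes the device value is read with `adb shell settings get secure enabled_notification_listeners`, uses a constructed sample value so it runs offline, and assumes `com.microsoft.appmanager` is the package name of Microsoft's Link to Windows app (check this against your own device).

```shell
#!/bin/sh
# Added example (not from the advisory): audit Android notification-listener access.
# On a real device, replace SAMPLE_LISTENERS with the output of:
#   adb shell settings get secure enabled_notification_listeners
# Android stores listeners as ':'-separated "package/ServiceClass" components.

# Constructed sample value: one expected listener plus a made-up suspicious app.
SAMPLE_LISTENERS='com.microsoft.appmanager/.NotificationListenerService:com.example.loanhelper/.NlService'

# Allowlist of packages you knowingly granted (assumption: edit for your device).
ALLOWLIST='com.microsoft.appmanager
com.android.systemui'

# list_listeners: print one package name per line from the raw setting value.
list_listeners() {
    printf '%s\n' "$1" | tr ':' '\n' | sed 's#/.*##' | grep -v '^$'
}

# unexpected_listeners: print packages with listener access that are not allowlisted.
# Exit status 0 if everything is allowlisted, 1 if at least one package needs review.
unexpected_listeners() {
    found=0
    for pkg in $(list_listeners "$1"); do
        if ! printf '%s\n' "$ALLOWLIST" | grep -qxF "$pkg"; then
            echo "$pkg"
            found=1
        fi
    done
    return $found
}

# audit_listeners: one-word verdict ("OK" or "REVIEW") for use from other scripts.
audit_listeners() {
    if unexpected_listeners "$1" >/dev/null; then echo OK; else echo REVIEW; fi
}

if unexpected_listeners "$SAMPLE_LISTENERS"; then
    echo "No unexpected notification listeners."
else
    echo "Review the packages above and revoke access under Settings > Notifications > Device & app notifications."
fi
```

Running it against the sample prints `com.example.loanhelper` and the review prompt; on a real phone, any package you do not recognise there deserves the same treatment the advisory recommends for suspicious apps.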
What to Do If You've Been Targeted
- Immediately call your bank’s fraud helpline to freeze accounts and block UPI transactions.
- Report the incident to the National Cyber Crime Reporting Portal at cybercrime.gov.in.
- Contact the CERT-In/I4C helpline at 1930 to register your complaint and seek guidance.
- Change all related passwords and PINs on your phone, banking apps, and email.
- Unlink your Android device from Microsoft Phone Link and uninstall suspicious apps.
- Inform your mobile operator if you suspect SIM swap or Aadhaar misuse.
- Keep records of all scam-related communications for evidence during investigation.
Frequently Asked Questions
Q: Can Microsoft Phone Link itself cause security risks?
A: No, Phone Link is a legitimate Microsoft feature. Risks arise only if scammers trick you into linking your device or granting access to malware posing as authentic apps.
Q: How quickly can scammers withdraw money after OTP interception?
A: Usually within minutes. UPI transactions are near-instant, so immediate reporting is critical to prevent or minimize loss.
Q: Will banks refund my money if I fall victim to this scam?
A: RBI guidelines encourage banks to refund fraud victims if negligence is not proven on their part, but victims must report fraud swiftly and provide evidence.
Stay alert and protect your digital life. Verify suspicious messages, apps, and calls at BharatSecure.app — India’s trusted platform for digital fraud awareness.