CloudZ RAT Exploits Microsoft Phone Link for OTP Interception
INDIA — By BharatSecure Threat Intelligence Team
Verdict: Suspicious | Risk Score: 7/10 | Severity: high
Category: otp_fraud
How CloudZ RAT Exploits Microsoft Phone Link for OTP Interception Works
The CloudZ RAT is actively exploiting Microsoft Phone Link to intercept SMS messages and One-Time Passwords (OTPs) without directly infecting mobile phones. This attack, ongoing since January 2026, facilitates credential theft and bypasses two-factor authentication by leveraging synced data.
How This Scam Works — Detailed Explanation
The CloudZ RAT (Remote Access Trojan) is a significant cybersecurity threat that exploits vulnerabilities in Microsoft's Phone Link, a feature that syncs an Android phone's messages and notifications to a Windows computer. Scammers identify potential victims primarily on social media platforms like WhatsApp and Facebook, where the victims undergo a lengthy grooming process. The setup usually begins with a phishing link shared through a seemingly innocuous message, possibly impersonating a trusted brand or service. Once the victim engages with this link, they may inadvertently grant the scammer access to their device's notifications and messages.
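Because the interception happens on the Windows side, through the synced Phone Link data rather than on the phone itself, a defender's first check is whether a PC has Phone Link present and phone-PC linking allowed at all. The following PowerShell audit is an added example, not code from the BharatSecure advisory or from Microsoft; it assumes the Phone Link Appx package name `Microsoft.YourPhone` and the "Phone-PC linking on this device" policy value `EnableMmx` under `HKLM:\SOFTWARE\Policies\Microsoft\Windows\System` (both from general Windows knowledge, not from this page; confirm them against your own ADMX templates before enforcing). Run it elevated with `-Enforce` to apply the blocking policy on machines that should never sync a phone's SMS.

```powershell
# Added example (not from the advisory): audit a Windows PC for Phone Link
# exposure and optionally block phone-PC linking via policy.
# Assumptions (from general Windows knowledge, not from the page):
#   - Phone Link is the Appx package 'Microsoft.YourPhone'
#   - the policy "Phone-PC linking on this device" is stored as the DWORD
#     EnableMmx under HKLM:\SOFTWARE\Policies\Microsoft\Windows\System
#     (0 = linking blocked, 1 or absent = linking allowed)
[CmdletBinding()]
param(
    [switch]$Enforce   # when set, write the blocking policy (requires an elevated shell)
)

$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$PolicyValue = 'EnableMmx'

function Get-PhoneLinkExposure {
    # Is the Phone Link app installed for any user profile on this machine?
    $pkgs = Get-AppxPackage -AllUsers -Name 'Microsoft.YourPhone' -ErrorAction SilentlyContinue
    $installed = [bool]$pkgs

    # Is phone-PC linking blocked by policy?
    $policy = $null
    if (Test-Path $PolicyKey) {
        $policy = (Get-ItemProperty -Path $PolicyKey -Name $PolicyValue -ErrorAction SilentlyContinue).$PolicyValue
    }
    $blocked = ($policy -eq 0)

    # Summarise the risk in one line so the output can be collected fleet-wide
    $note = if ($installed -and -not $blocked) {
        'Phone Link installed and linking allowed: synced SMS/OTPs are readable from this PC'
    } elseif ($installed) {
        'Phone Link installed but linking blocked by policy'
    } else {
        'Phone Link not installed'
    }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        PhoneLinkInstalled     = $installed
        PackageCount           = @($pkgs).Count
        LinkingBlockedByPolicy = $blocked
        RiskNote               = $note
    }
}

function Set-PhoneLinkBlocked {
    # Create the policy key if needed and set EnableMmx = 0 (linking blocked)
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $PolicyValue -PropertyType DWord -Value 0 -Force | Out-Null
}

$report = Get-PhoneLinkExposure
$report | Format-List

if ($Enforce -and $report.PhoneLinkInstalled -and -not $report.LinkingBlockedByPolicy) {
    Set-PhoneLinkBlocked
    # Re-read so the operator sees the post-change state
    Get-PhoneLinkExposure | Format-List
}
```

The report object is deliberately flat so it can be exported with `Export-Csv` from a fleet of machines; any row reporting `PhoneLinkInstalled` true and `LinkingBlockedByPolicy` false is a PC on which a RAT with user-level access could read synced OTPs without ever touching the phone.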
Scammers leverage social engineering techniques to manipulate victims emotionally. They may present themselves as tech support agents or financial consultants, creating a sense of trust and urgency. Victims are often told they need to take immediate action regarding their bank accounts or investments, tricking them into sharing sensitive information like OTPs or even their Aadhaar numbers. By using misleading language and creating false scenarios, these scammers make their attacks personalized and convincing. The criminals strategically approach victims who are likely to be less tech-savvy, increasing the chances of success in intercepting confidential information.
Once a victim has been entrapped, the ramifications can be severe. For example, consider someone who has linked their UPI account to their mobile number. Once OTPs that arrive via SMS are intercepted, the attacker can perform unauthorized transactions without physical access to the victim's phone. Victims can unknowingly fall prey to large financial losses because the attacker can quickly siphon funds from their accounts via UPI or other money transfer services. In some cases, the scam can escalate further, allowing attackers to access even more sensitive data and perform identity theft, leveraging their control over linked Aadhaar accounts and bank services.
The financial impact of such scams in India is staggering. According to reports from the Ministry of Home Affairs and the Reserve Bank of India, losses due to OTP fraud have surged in recent years, with estimates surpassing ₹200 crore lost in the last fiscal year alone. As operators of the CloudZ RAT continue to exploit unsuspecting victims, it is crucial for users to remain vigilant. The government has developed advisories through CERT-In to highlight the dangers of such attacks and stresses the importance of keeping personal information secure.
To successfully differentiate between legitimate communications and scam attempts, look out for several warning signs. First, genuine communications from banks or service providers will never ask for sensitive information like OTPs via text or direct messages. Additionally, be cautious of slightly misspelled URLs or unusual sender details, as these are often red flags of phishing attacks. Another warning is pressure tactics—scammers often create urgency to force a rushed decision. Legitimate organizations will typically allow time for consideration before any necessary actions. Always cross-verify communications directly through official channels.
Visual Intelligence:
BharatSecure's AI has identified this as a used in scams targeting Indian users.
Who Does CloudZ RAT Exploits Microsoft Phone Link for OTP Interception Target?
General public across India
Red Flags — How to Identify CloudZ RAT Exploits Microsoft Phone Link for OTP Interception
- CloudZ RAT
- Microsoft Phone Link
- SMS interception
- OTP bypass
- credential theft
- 2FA bypass
What To Do If You Encounter CloudZ RAT Exploits Microsoft Phone Link for OTP Interception
- Report the incident immediately by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in.
- Change your passwords for all accounts connected to your phone and enable two-factor authentication immediately.
- Contact your bank's helpline (e.g., SBI 1800-11-1109 or HDFC 1800-202-6161) to alert them of potential fraud.
- Monitor your bank statements and transactions closely for any unauthorized activity.
- Educate friends and family about the scam, sharing details about the CloudZ RAT and how it operates.
- Regularly update your phone's security settings and applications to protect against vulnerabilities.
How to Report CloudZ RAT Exploits Microsoft Phone Link for OTP Interception in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What to do if I shared my OTP in a CloudZ RAT scam?
- Immediately contact your bank using their helpline (SBI 1800-11-1109 or HDFC 1800-202-6161) to freeze your account. Report the incident to 1930 or visit cybercrime.gov.in.
- How can I identify if I’m targeted by the CloudZ RAT?
- Look out for unexpected requests for your OTPs, messages from unknown contacts, or links prompting you to verify your information. Be cautious of automated responses claiming to be tech support.
- How can I report this type of scam in India?
- Report the scam through the cybercrime helpline at 1930 or file a complaint on cybercrime.gov.in. Additionally, notify your bank's fraud department.
- How do I recover my money or secure my account after this scam?
- Contact your bank to discuss recovery options and secure your accounts. Change all passwords immediately and monitor for further unauthorized access.
Verify Any Suspicious Message
Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.