Group: Unknown threat actor, attribution unconfirmed
Type: Modular RAT with novel MFA-interception plugin
CVEs: None assigned. Exploits legitimate Windows application behaviour rather than a software vulnerability
Malware: CloudZ RAT — modular .NET remote access tool with credential theft, screen recording, and C2 capabilities. Pheno — previously undocumented plugin that hijacks Microsoft Phone Link to intercept SMS messages and OTPs