*A sophisticated Android spyware campaign, dubbed ClayRat, is tricking users by posing as well-known apps like TikTok, WhatsApp, and YouTube.
Cybercriminals promote these malicious apps through phishing websites and Telegram channels, using fake download numbers and fabricated reviews to build trust, according to The Hacker News, as reported by Tom’s Guide.
Once installed, ClayRat burrows deep into a user’s device, harvesting sensitive information. “… it can take selfies with the front camera, send SMS messages and even place calls,” Tom’s Guide notes. By prompting users to set it as the default SMS app, the spyware intercepts messages and exploits contact lists to spread further.
Zimperium researchers have identified ClayRat’s tactics, including variants that function as “malware droppers” disguised as Google Play update screens. These droppers hide encrypted payloads in their assets, enabling stealthy attacks. While the campaign currently targets Russian Android users, Zimperium’s detection of 600 samples and 50 droppers in the past 90 days suggests potential global expansion.
Scroll to continue reading
Protection against ClayRat is bolstered by Google Play Protect, a default security feature in Play Services. Experts recommend downloading apps only from verified sources, double-checking website URLs, and steering clear of sponsored links. Running trusted antivirus software alongside Play Protect can further enhance security, with many tools offering VPNs and dark web monitoring.
Zimperium cautions that the ongoing evolution of ClayRat variants indicates cybercriminals are actively refining their approach, signaling a persistent threat.
MORE NEWS ON EURWEB.COM: TikTok Influencer Sparks Debate Over Latino Cultural Issues in Wake of Celeste Rivas Hernandez’s Tragic Death
Sign up for our Free daily newsletter HERE.
