Zimperium has announced new research from its zLabs team exposing ClayRat, a rapidly expanding Android spyware campaign targeting Russian users.
Disguised as popular apps such as WhatsApp, TikTok, Google Photo and YouTube, ClayRat reportedly steals sensitive information including SMS, call logs, device data and front-camera photos; while exploiting Android’s default SMS handler role to bypass security prompts.
Once active, the mobile spyware is said to send malicious links to every contact in the victim’s phonebook, turning each infected device into a distribution hub.
In the last three months alone, Zimperium reportedly identified over 600 variants and 50 droppers, each using new obfuscation layers to evade detection.
This pace of evolution is said to underscore the increasing speed and sophistication of today’s mobile threats.
Shridhar Mittal, CEO of Zimperium said: “ClayRat demonstrates how attackers are evolving faster than ever, combining social engineering, self-propagation and system abuse to maximise reach.
“Our AI-driven mobile security ensures customers remain protected, even against campaigns designed to outpace traditional defences.”
