Summary is AI-generated, newsdesk-reviewed
  • Zimperium's zLabs identifies ClayRat spyware targeting Russian Android users with disguised popular apps.
  • ClayRat abuses the default SMS handler role to spread, turning each infected device into a distribution hub.
  • 600+ variants found using obfuscation to evade detection, reflecting rising mobile threat sophistication.

In a significant development for mobile security, Zimperium has unveiled its discovery of a sophisticated spyware campaign named ClayRat, which is rapidly expanding its reach among Android users in Russia. This spyware is cleverly disguised as well-known apps like WhatsApp, TikTok, Google Photos, and YouTube, and it has the capability to extract sensitive data such as SMS messages, call logs, device information, and even photos taken with the device’s front camera.

New Obfuscation Layers and Distribution Tactics

ClayRat employs advanced tactics by exploiting Android’s default SMS handler role to circumvent security prompts. Once installed, the spyware sends malicious links to all contacts in a victim's phonebook, effectively using each compromised device as a distribution centre. This rapid propagation strategy highlights the increasing complexity and speed at which mobile threats are evolving.
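For defenders triaging sideloaded apps, the following added example (not from Zimperium or the original article) checks a decoded `AndroidManifest.xml` for the four components Android requires of a default SMS app, combined with SMS-send and contacts permissions. It relies on general Android platform requirements, not ClayRat-specific indicators; the function name `triage_manifest`, the package name and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Intent actions a package must handle before Android offers it the default SMS role.
HANDLER_ACTIONS = {
    "receiver": {"android.provider.Telephony.SMS_DELIVER",
                 "android.provider.Telephony.WAP_PUSH_DELIVER"},
    "activity": {"android.intent.action.SENDTO"},
    "service": {"android.intent.action.RESPOND_VIA_MESSAGE"},
}
REQUIRED = set().union(*HANDLER_ACTIONS.values())
RISKY_PERMS = {"android.permission.SEND_SMS", "android.permission.READ_CONTACTS"}

# Constructed sample: a "video player" that is also eligible to become the SMS app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.videoplayer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".SmsRx" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter>
    </receiver>
    <receiver android:name=".MmsRx" android:permission="android.permission.BROADCAST_WAP_PUSH">
      <intent-filter><action android:name="android.provider.Telephony.WAP_PUSH_DELIVER"/></intent-filter>
    </receiver>
    <activity android:name=".Compose">
      <intent-filter><action android:name="android.intent.action.SENDTO"/><data android:scheme="smsto"/></intent-filter>
    </activity>
    <service android:name=".Reply" android:permission="android.permission.SEND_RESPOND_VIA_MESSAGE">
      <intent-filter><action android:name="android.intent.action.RESPOND_VIA_MESSAGE"/></intent-filter>
    </service>
  </application>
</manifest>"""

def triage_manifest(manifest_xml):
    """Report whether a manifest can take the default SMS role and should be reviewed."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # An action only counts when it is declared on the component type Android expects.
    found = {name for tag, actions in HANDLER_ACTIONS.items()
             for comp in root.iter(tag) for act in comp.iter("action")
             if (name := act.get(ANDROID + "name")) in actions}
    eligible = REQUIRED <= found
    return {"package": root.get("package"), "can_be_default_sms_app": eligible,
            "missing_actions": sorted(REQUIRED - found),
            "risky_permissions": sorted(RISKY_PERMS & perms),
            "review": eligible and RISKY_PERMS <= perms}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE))
```

A `review` result is a prompt for analyst attention, for example when the app's stated purpose has nothing to do with messaging; legitimate messaging apps declare the same components.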

Over the past three months, Zimperium has identified more than 600 variants alongside 50 different droppers. Each variant employs new obfuscation techniques to remain undetected, underscoring the heightened pace and sophistication of such threats.

AI-Driven Security Solutions

According to Shridhar Mittal, CEO of Zimperium, “ClayRat demonstrates how attackers are evolving faster than ever, combining social engineering, self-propagation, and system abuse to maximise reach.” He emphasised the importance of their AI-driven mobile security solutions, which ensure user protection against evolving threats that aim to outpace traditional security measures.

Collaboration with Google for Enhanced Protection

Zimperium’s Mobile Threat Defense and Mobile Runtime Protection solutions were able to detect ClayRat from its initial appearance, proving their effectiveness without the need for updates. Additionally, Zimperium, as a partner of the App Defense Alliance, has shared these findings with Google. This collaboration benefits Android users by enhancing their protection through Google Play Protect.

Key Findings on ClayRat Spyware

  • Discovered over 600 spyware samples in a mere 90 days.
  • Uses SMS handler role to bypass security measures seamlessly.
  • Spreads via contact lists, turning each device into a network hub.
  • Capable of stealing sensitive information such as messages, call logs, and photos.

This research underscores the critical importance of staying vigilant and investing in robust mobile security solutions to protect against these ever-evolving threats.
