ClayRat: A New Android Spyware Targeting Russia

Published 10/10/2025 08:17 · Modified 10/10/2025 08:56

Essential information

Tags: 2025-10-10, clayrat, phishing, sms, spyware
Related entities: 200 observables, 9 techniques (mitre), 1 malware, 1 others

Description

ClayRat is a rapidly evolving Android campaign primarily targeting Russian users. Distributed through Telegram channels and sites, it masquerades as popular apps to lure victims. The spyware can exfiltrate messages, call logs, notifications, and device information, as well as take photos and send messages. It spreads aggressively by sending malicious links to the victim's contacts. Over 600 samples and 50 droppers have been observed in three months, with each iteration adding new obfuscation techniques. ClayRat abuses Android's default handler role to bypass permission prompts and gain access to sensitive data. The campaign combines impersonation of trusted services, community distribution via Telegram, UX-level deception, and self-propagation through mass forwarding.

External references