ClayRat: A New Android Spyware Targeting Russia
Essential information
- Published: 10/10/2025 08:17
- Modified: 10/10/2025 08:56
- Tags: 2025-10-10, clayrat, phishing, sms, spyware
- Related entities: 200 observables, 9 techniques (mitre), 1 malware, 1 others
Description
ClayRat is a rapidly evolving Android spyware campaign primarily targeting Russian users. Distributed through Telegram channels and phishing sites, it masquerades as popular apps to lure victims. The spyware can exfiltrate SMS messages, call logs, notifications, and device information, as well as take photos and send SMS messages. It spreads aggressively by sending malicious links to the victim's contacts. Over 600 samples and 50 droppers have been observed in three months, with each iteration adding new obfuscation techniques. ClayRat abuses Android's default SMS handler role to bypass permission prompts and gain access to sensitive data. The campaign combines impersonation of trusted services, community distribution via Telegram, UX-level deception, and self-propagation through mass SMS forwarding.