{
  "name": "ClayRat: A New Android Spyware Targeting Russia",
  "slug": "clayrat-a-new-android-spyware-targeting-russia",
  "description": "ClayRat is a rapidly evolving Android spyware campaign primarily targeting Russian users. Distributed through Telegram channels and phishing sites, it masquerades as popular apps to lure victims. The spyware can exfiltrate SMS messages, call logs, notifications, and device information, as well as take photos and send SMS messages. It spreads aggressively by sending malicious links to the victim's contacts. Over 600 samples and 50 droppers have been observed in three months, with each iteration adding new obfuscation techniques. ClayRat abuses Android's default SMS handler role to bypass permission prompts and gain access to sensitive data. The campaign combines impersonation of trusted services, community distribution via Telegram, UX-level deception, and self-propagation through mass SMS forwarding.",
  "published": "2025-10-10T06:17:49+00:00",
  "created_at": "2025-10-10T06:17:49+00:00",
  "modified_at": "2025-10-10T06:56:54+00:00",
  "created_at_opencti": "2025-10-10T06:17:49+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-10-10",
    "clayrat",
    "phishing",
    "sms",
    "spyware"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "http://actedsda.cfd/assets/ACTED"
      },
      {
        "id": "",
        "name": "https://zamok.claysrat.top/"
      },
      {
        "id": "",
        "name": "https://zam.claydc.top"
      },
      {
        "id": "",
        "name": "https://yuar.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://yard.claybaster.top/login"
      },
      {
        "id": "",
        "name": "https://xosix.clay.rest/login"
      },
      {
        "id": "",
        "name": "https://word1.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://venom.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://trent.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "https://tyler.clayratnik.top/login"
      },
      {
        "id": "",
        "name": "https://test.clayrat.top/login"
      },
      {
        "id": "",
        "name": "https://swg.clayratnik.top/login"
      },
      {
        "id": "",
        "name": "https://swaga.claybaster.top/login"
      },
      {
        "id": "",
        "name": "https://spb.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://solmon.claysrat.top/login"
      },
      {
        "id": "",
        "name": "https://slim.claysrat.top/login"
      },
      {
        "id": "",
        "name": "https://rzt.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://rushi.claysrat.top"
      },
      {
        "id": "",
        "name": "https://robert.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://rober.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://rizza.clayhusas.sbs/login"
      },
      {
        "id": "",
        "name": "https://riba.claysrat.top/login"
      },
      {
        "id": "",
        "name": "https://red.clayrat.top/login"
      },
      {
        "id": "",
        "name": "https://players1.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "https://patrik.claybaster.top/login"
      },
      {
        "id": "",
        "name": "https://pasha.dig.clayhusas.sbs/login"
      },
      {
        "id": "",
        "name": "https://pasha.claydc.top/login"
      },
      {
        "id": "",
        "name": "https://pasha.claybaster.top/login"
      },
      {
        "id": "",
        "name": "https://pacy.clayhusas.sbs:58387"
      },
      {
        "id": "",
        "name": "https://packwa.claysrat.top/login"
      },
      {
        "id": "",
        "name": "https://packwa.claydc.top/login"
      },
      {
        "id": "",
        "name": "https://oslik.clayhusas.sbs:4793/"
      },
      {
        "id": "",
        "name": "https://np.claydc.top/login"
      },
      {
        "id": "",
        "name": "https://nora.claysrat.top/login"
      },
      {
        "id": "",
        "name": "https://none.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://none.clay.rest/login"
      },
      {
        "id": "",
        "name": "https://mryes.clayratnik.top/login"
      },
      {
        "id": "",
        "name": "https://mih.clayratnik.top/login"
      },
      {
        "id": "",
        "name": "https://maybach.clayratnik.top/login"
      },
      {
        "id": "",
        "name": "https://magic.claybaster.top/login"
      },
      {
        "id": "",
        "name": "https://lite.trustnik.sbs/login"
      },
      {
        "id": "",
        "name": "https://leha.clay.rest/login"
      },
      {
        "id": "",
        "name": "https://kyverr.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://karmah.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://jimmy.clayratnik.top/login"
      },
      {
        "id": "",
        "name": "https://ipdidi.clay.rest/login"
      },
      {
        "id": "",
        "name": "https://imper1.clayhusas.sbs/login"
      },
      {
        "id": "",
        "name": "https://holojo.clayrat.top/login"
      },
      {
        "id": "",
        "name": "https://holik.claydc.top/login"
      },
      {
        "id": "",
        "name": "https://hapich.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://gitelman.clayratnik.top/login"
      },
      {
        "id": "",
        "name": "https://gelya.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://gelya.claybaster.top/login"
      },
      {
        "id": "",
        "name": "https://funtik.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://fedor.clayratnik.top/login"
      },
      {
        "id": "",
        "name": "https://evgen.claybaster.top"
      },
      {
        "id": "",
        "name": "https://error.clayhusas.sbs/login"
      },
      {
        "id": "",
        "name": "https://chmo2.clayrat.top"
      },
      {
        "id": "",
        "name": "https://capone.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "https://capone.claydc.top/login"
      },
      {
        "id": "",
        "name": "https://capone.claybaster.top/login"
      },
      {
        "id": "",
        "name": "https://califor.claydc.top/login"
      },
      {
        "id": "",
        "name": "https://buka.clayrat.top/login"
      },
      {
        "id": "",
        "name": "https://bimb.claybaster.top/login"
      },
      {
        "id": "",
        "name": "https://ataev2.claydc.top"
      },
      {
        "id": "",
        "name": "https://ataev.claybaster.top/login"
      },
      {
        "id": "",
        "name": "https://alyx.clayratnik.top/login"
      },
      {
        "id": "",
        "name": "https://allan.clayrat.top/login"
      },
      {
        "id": "",
        "name": "https://allan.claybaster.top/login"
      },
      {
        "id": "",
        "name": "https://admiral.clayfenrirhuy.top/login"
      },
      {
        "id": "",
        "name": "https://macmafia.top/"
      },
      {
        "id": "",
        "name": "youtubeplusandroid.ru"
      },
      {
        "id": "",
        "name": "antiradar.life"
      },
      {
        "id": "",
        "name": "actedsda.cfd"
      },
      {
        "id": "",
        "name": "zamok.claysrat.top"
      },
      {
        "id": "",
        "name": "zam.claydc.top"
      },
      {
        "id": "",
        "name": "yuar.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "yard.claybaster.top"
      },
      {
        "id": "",
        "name": "xosix.clay.rest"
      },
      {
        "id": "",
        "name": "word1.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "venom.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "tyler.clayratnik.top"
      },
      {
        "id": "",
        "name": "trent.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "test.clayrat.top"
      },
      {
        "id": "",
        "name": "swg.clayratnik.top"
      },
      {
        "id": "",
        "name": "swaga.claybaster.top"
      },
      {
        "id": "",
        "name": "spb.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "solmon.claysrat.top"
      },
      {
        "id": "",
        "name": "slim.claysrat.top"
      },
      {
        "id": "",
        "name": "rzt.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "rushi.claysrat.top"
      },
      {
        "id": "",
        "name": "robert.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "rober.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "rizza.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "riba.claysrat.top"
      },
      {
        "id": "",
        "name": "red.clayrat.top"
      },
      {
        "id": "",
        "name": "players1.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "patrik.claybaster.top"
      },
      {
        "id": "",
        "name": "pasha.dig.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "pasha.claydc.top"
      },
      {
        "id": "",
        "name": "pasha.claybaster.top"
      },
      {
        "id": "",
        "name": "pacy.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "packwa.claysrat.top"
      },
      {
        "id": "",
        "name": "packwa.claydc.top"
      },
      {
        "id": "",
        "name": "oslik.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "np.claydc.top"
      },
      {
        "id": "",
        "name": "nora.claysrat.top"
      },
      {
        "id": "",
        "name": "none.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "none.clay.rest"
      },
      {
        "id": "",
        "name": "mryes.clayratnik.top"
      },
      {
        "id": "",
        "name": "mih.clayratnik.top"
      },
      {
        "id": "",
        "name": "maybach.clayratnik.top"
      },
      {
        "id": "",
        "name": "magic.claybaster.top"
      },
      {
        "id": "",
        "name": "lite.trustnik.sbs"
      },
      {
        "id": "",
        "name": "leha.clay.rest"
      },
      {
        "id": "",
        "name": "kyverr.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "karmah.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "jimmy.clayratnik.top"
      },
      {
        "id": "",
        "name": "ipdidi.clay.rest"
      },
      {
        "id": "",
        "name": "imper1.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "holojo.clayrat.top"
      },
      {
        "id": "",
        "name": "holik.claydc.top"
      },
      {
        "id": "",
        "name": "hapich.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "gitelman.clayratnik.top"
      },
      {
        "id": "",
        "name": "gelya.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "gelya.claybaster.top"
      },
      {
        "id": "",
        "name": "funtik.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "fedor.clayratnik.top"
      },
      {
        "id": "",
        "name": "evgen.claybaster.top"
      },
      {
        "id": "",
        "name": "error.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "chmo2.clayrat.top"
      },
      {
        "id": "",
        "name": "capone.clayhusas.sbs"
      },
      {
        "id": "",
        "name": "capone.claydc.top"
      },
      {
        "id": "",
        "name": "capone.claybaster.top"
      },
      {
        "id": "",
        "name": "califor.claydc.top"
      },
      {
        "id": "",
        "name": "buka.clayrat.top"
      },
      {
        "id": "",
        "name": "bimb.claybaster.top"
      },
      {
        "id": "",
        "name": "ataev2.claydc.top"
      },
      {
        "id": "",
        "name": "ataev.claybaster.top"
      },
      {
        "id": "",
        "name": "alyx.clayratnik.top"
      },
      {
        "id": "",
        "name": "allan.clayrat.top"
      },
      {
        "id": "",
        "name": "allan.claybaster.top"
      },
      {
        "id": "",
        "name": "macmafia.top"
      },
      {
        "id": "",
        "name": "admiral.clayfenrirhuy.top"
      },
      {
        "id": "",
        "name": "ffe06e16baa5ec1ad9ef2568a282711b076fbbae070a9afcbb7e7fef1c5412a9"
      },
      {
        "id": "",
        "name": "ed1d5d1f2457944120bf28e6ffebe8b1bff9309541e813be62228b27fa094e23"
      },
      {
        "id": "",
        "name": "e036d6115b847c2d54a2c1817a68d7f361e1a8db94b3fed0f023854d272c811f"
      },
      {
        "id": "",
        "name": "dd31317e300008061a4a06be1f788f16a7407865e9ecb52f5587db7252c064bc"
      },
      {
        "id": "",
        "name": "d34b235bd290d227a2572cd88c96e3ab5ccc07fa9f35e0e732a625287e17b591"
      },
      {
        "id": "",
        "name": "c728e507727032744c02c64a3d3a7cf6db706c52419c71c606022b88df31a1f1"
      },
      {
        "id": "",
        "name": "c1ea691fe2b0cd1df4f8f526104c41f7c975b3668882767f7c5775072b96324b"
      },
      {
        "id": "",
        "name": "b8eeb75011709d14900d52ed471585051b8b5c982291f0c6630afa19261938e0"
      },
      {
        "id": "",
        "name": "b8abc0dfaece826399d8b388e72ba7e47498d81c21e02841a3ce1b77a91a6604"
      },
      {
        "id": "",
        "name": "b5d54f02ebff3cb04c01af8b7c69ee66d4b66c33639fc12fa355581fb61e3887"
      },
      {
        "id": "",
        "name": "b3c963d2e55b1bd8cf250d2524389db491ce730d0a3281a9c57270428ff0c7c1"
      },
      {
        "id": "",
        "name": "b129ea9eda8b2a5a279b97b8786f1386071bf8ef643d42af137c91723bd908e8"
      },
      {
        "id": "",
        "name": "a7daf4e2d413a2bee15b4c4fb3f9364e61d0a697630785dd46f6a0f528cb3cbd"
      },
      {
        "id": "",
        "name": "9dcab98bc931cab390f32ad7c19e33ccf631d889eb44ab901ef345231423484f"
      },
      {
        "id": "",
        "name": "9a7fceb9925fd5a4248e6a323d8379051b55eb1526735b241f52c74040b6cfac"
      },
      {
        "id": "",
        "name": "9a74c0cbc0473322d9839ed3e3fe8248e612760636754267a08ed05df0d657ed"
      },
      {
        "id": "",
        "name": "983df753dfdd1d62a65499c2f5bbd9c3a4536cb357e830c52c1fe821d1717b4c"
      },
      {
        "id": "",
        "name": "948e9d3c355d36ae6e443b263499cf5860537856d1e06daa1988981b8de3e474"
      },
      {
        "id": "",
        "name": "8d8124151599a5e29ede8cae06e222e5c6c9ad54f112f3a448b6877d237914ef"
      },
      {
        "id": "",
        "name": "871e3dd07ba27ee9067690f5477a156b576bf5aef4d9b6298dfc943c678cc26b"
      },
      {
        "id": "",
        "name": "86d788a01728e42bf75ed292e377c11b02bce3aad31cd78d90f1528bc06975a7"
      },
      {
        "id": "",
        "name": "763124886c5aaf4fec64472ba2850dfbd188a169122ecc5958fdfb6371cf6366"
      },
      {
        "id": "",
        "name": "6f339c062ddab47c5a4bd2d681bd9a1e877086f47d3f3f09c751f5975af74d1c"
      },
      {
        "id": "",
        "name": "6e8d125b0ea8100e145999f765c115ce599a10daf175666ce9518cea2cea81a7"
      },
      {
        "id": "",
        "name": "655a4f32b87fc8538c3d32f79d67b2e78bae34d21cf9d0c0a47b534c03834669"
      },
      {
        "id": "",
        "name": "5e929c71fb6df7d17bfa6eaa265b68f91f2982f30e30d8a3e8040c1f900ae9da"
      },
      {
        "id": "",
        "name": "5506cdd9511132880d318fcff7ad012f4caa4cec499ecff1c8f845749f6bf956"
      },
      {
        "id": "",
        "name": "543d0c8488b279ec8e8bb6d887efcdfc2e972918362f33f6c8649dc26a2f9f93"
      },
      {
        "id": "",
        "name": "53563f6bee6c93f0d8b1896fcbb009fe07d4945f058200adb165b25f54702a25"
      },
      {
        "id": "",
        "name": "4f6fba4e0c3f773fcf7f5d75a9fe16bf7dab5a12b34d2e6f3a09a519d4892280"
      },
      {
        "id": "",
        "name": "4f4175cda6f59b73dfbecc54813ebe0f36d620a4457f2ce3c3ae4413d70bbe77"
      },
      {
        "id": "",
        "name": "4b9fb611bf9cb172ab8799e20a0ff6c453465e59a15820abb4e3d6de0198b14a"
      },
      {
        "id": "",
        "name": "48fb4b22b355310024bdc4f8102a8dc7f4edd8b1582a1fb7acc10ac804174e9d"
      },
      {
        "id": "",
        "name": "466d69ce0aa9c3ddee1ea72fb0f22738d1ea4190957acc3da0d166d64602e6d8"
      },
      {
        "id": "",
        "name": "3b93bff4fbd7dc37d4d58f447639a65273199398c10a13380b485a1436ed4b04"
      },
      {
        "id": "",
        "name": "3b0dc6e75b74025eadb1ed3c42ede47cc759f50252bfb6b443bf81a2e4bd148a"
      },
      {
        "id": "",
        "name": "36694f4279081afaeefe4dbbc0130c9f97487c554702026d636511f4479276fe"
      },
      {
        "id": "",
        "name": "3564907f28514f56f245d72d2f507755a23f921eef3591f05de7bbb53caaa159"
      },
      {
        "id": "",
        "name": "350a625381e203307056fa49064f3c4e8bbf91a1c92fad255326d730c0dbcd7f"
      },
      {
        "id": "",
        "name": "32aca11e8f8fa3fad7ab54c6a3b4b7bd02e75f7459a5c9908610b4b9589b9d79"
      },
      {
        "id": "",
        "name": "2db8a96aa6842dd5bd0f10259bfac30bda80cc357b92375ecf965955cd69b7af"
      },
      {
        "id": "",
        "name": "2abcc83f5dc9ab144fe31a0076e6f845835a2d8677db119409f8b9cb954a4262"
      },
      {
        "id": "",
        "name": "23df6b37b016d63b73ef47ee14afec6280235b7695d8cd0d5b218fed0a922b3c"
      },
      {
        "id": "",
        "name": "23c71c68095372177de636da4bd1f4021efa33cbdeaa28d9455f66e98bfa8cfe"
      },
      {
        "id": "",
        "name": "20ceabc548bf126d2c8abfb6f6cc3f6de1f9f6bbbd963231d4138f9ef3d67d9d"
      },
      {
        "id": "",
        "name": "20cc6462dadd7fa78954e1e21a063f4b03aec5c6642f71b5156421370cabb62d"
      },
      {
        "id": "",
        "name": "1f1b3c2d996bbf61eb8b8f1cce7e42e6f8d5e97dbe0a218f2d1e1c497530cb6c"
      },
      {
        "id": "",
        "name": "15ce5f6fc76456459b7362848c3347cdf3735f3991e31434b9391ae24efd1fb8"
      },
      {
        "id": "",
        "name": "12d0b9a1ffc2cdbad513c800c8c4e50ec2d519c12921f01c9f24dfa85ae81592"
      },
      {
        "id": "",
        "name": "0b1b6b67cf5374fdb2eb201d274c55e511f67b482a261a3044f176b96a6d5009"
      },
      {
        "id": "",
        "name": "07e41a4e4f9b21b0457530bda84e77cef5824d407a9db74f04410c9e81834901"
      },
      {
        "id": "",
        "name": "ffb80243abf2c92012149f8a70aa9b02bcd6786744adfe687b9342c21a9f2e40"
      },
      {
        "id": "",
        "name": "ff91bc602e6f20f67fbf82d7d5c4c549f3af65bd8bc383f2fd6f4d23f737874a"
      },
      {
        "id": "",
        "name": "ff71869d7ef2ae4c70e8202a09fe2945632de85304484ac9284476a53c740185"
      },
      {
        "id": "",
        "name": "ff30c838561282fcc112207a03629a950b62a1357b4271908ebbe191f4bd0097"
      },
      {
        "id": "",
        "name": "fef72b8fb61cadbd937613d4a29a32e89d5b72f8ea1e07170ca5039b31c30fe9"
      }
    ],
    "malware": [
      {
        "id": "3398231e-c829-4fc2-81a9-ead0f7aa33ea",
        "name": "ClayRat",
        "slug": "clayrat"
      }
    ],
    "attack_patterns": [
      {
        "id": "9eeea022-5ad1-4833-b325-8467a073f5f4",
        "name": "T1454"
      },
      {
        "id": "0688de98-b66c-4afb-a138-74f47dfe543c",
        "name": "T1433"
      },
      {
        "id": "3899cc05-a24e-4cc2-832c-958e78149907",
        "name": "T1402"
      },
      {
        "id": "cc645def-9b23-446a-a343-ff285caa1a9e",
        "name": "T1437"
      },
      {
        "id": "d41d23f8-8b6f-4ffa-ac71-e0ee226577e2",
        "name": "T1426"
      },
      {
        "id": "c0f3b3b5-2ca6-488b-ad0f-4f8b9117c5e9",
        "name": "T1582"
      },
      {
        "id": "6ccd4566-e15e-40cf-b7df-4a3f737ce5cd",
        "name": "T1036.005"
      },
      {
        "id": "fa3b8b48-d97c-4242-83a6-07d435a5a79e",
        "name": "T1041"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Russian Federation"
      }
    ]
  },
  "external_refs": [
    "https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia",
    "https://otx.alienvault.com/pulse/68e8c12eb7ebbc52304b33bc"
  ]
}