A new spyware campaign is mimicking popular apps like TikTok, YouTube and WhatsApp in order to try and lure users into visiting phishing sites and downloading the ClayRat spyware.
As reported by The Hacker News, this campaign is also using Telegram channels in order to spread the spyware while the malicious sites are using artificially inflated download counts and manufactured testimonials in order to manufacture legitimacy.
Once installed, the spyware can exfiltrate a large amount of personal data like SMS messages, call logs, notifications and other device information. Additionally, it can take selfies with the front camera, send SMS messages and even place calls according to the researchers at the mobile security company Zimperium who discovered it. This is because it requires users make it the default SMS app, which gives it access to sensitive content and message functions. That way, it can capture this sensitive info and then leverage a victim's contacts to spread this malware to other targets.
Some ClayRat versions act as malware droppers, which appear as a lightweight installer that looks like a Play Store update screen. However, an encrypted payload is hidden within the apps assets. Fortunately though, this campaign is only targeting Russian users at the moment. However, in its report, Zimperium detected at least 600 samples and 50 droppers in the last 90 days. This indicates that each iteration of the ClayRat campaign is incorporating new layers of obfuscation to bypass being detected by security tools and the spyware could be used to target Android users in the U.S. and other English-speaking countries soon.
How to avoid spyware and malicious websites
Android users with Google Play Protect are safeguarded against known versions of this malware, as their devices come with this handy security tool pre-installed via Google Play Services. However, it never hurts to remember best practices when it comes to your online safety: Try to stick to known app manufacturers and websites, check the URLs of websites before visiting them and try not to click on sponsored links or ads as they can be used by hackers in their attacks.
Additionally, make sure all your devices are protected online with one of the best antivirus software solutions. While your phone like comes with Google Play Protect pre-installed, for additional security, you may want to consider running one of the best Android antivirus apps alongside it. At the same time, you want to make full use of extras included with your antivirus app or software like a VPN or a hardened browser and heed any alerts you see regarding potentially suspicious websites. Many of antivirus suites will also feature dark web alerts, identity monitoring, and more. All of these features can help protect you online and alert you immediately when something goes wrong.
As for ClayRat , given how many iterations of the spyware that have been detected so far, it's likely the cybercriminals behind it are working on new updates and adding extra malicious capabilities to it. For this reason, I don't see this spyware going away anytime soon and it's more likely that it will be used in attacks on Android users in other countries, so you'll want to keep your guard up to stay safe.
More from Tom's Guide
- Massive data leak just exposed the personal info of 6 million shoppers — how to stay safe
- Researcher finds security flaw in Gemini — but Google says it's not fixing it
- Discord customer info stolen in data breach — how to stay safe
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
