ClayRat Android Malware Masquerades as WhatsApp & Google Photos

ClayRat, a rapidly evolving Android spyware campaign, has surged in activity over the past three months, with zLabs researchers observing more than 600 unique samples and 50 distinct droppers.

Primarily targeting Russian users, the malware masquerades as popular applications such as WhatsApp, Google Photos, TikTok, and YouTube, luring victims into installing malicious APKs via deceptive Telegram channels and phishing websites.

Once installed, ClayRat exfiltrates SMS messages, call logs, notifications, and detailed device information; captures photos with the front-facing camera; and even sends SMS messages or places calls directly from the victim’s device, turning each infection into a potent surveillance and distribution hub.

The campaign relies on a sophisticated mix of social engineering and web-based deception to exploit user trust.

Attackers register lookalike domains, such as a fake GdeDPS landing page, to redirect visitors to Telegram channels where the malicious APK is hosted.

Read More:

https://gbhackers.com/clayrat-android-malware/

 
