VERY IMPORTANT

ClayRat is a rapidly evolving Android spyware campaign primarily targeting Russian users. Distributed through Telegram channels and phishing sites, it masquerades as popular apps to lure victims. The spyware can exfiltrate SMS messages, call logs, notifications, and device information, as well as take photos and send SMS messages. It spreads aggressively by sending malicious links to the victim's contacts. Over 600 samples and 50 droppers have been observed in three months, with each iteration adding new obfuscation techniques. ClayRat abuses Android's default SMS handler role to bypass permission prompts and gain access to sensitive data. The campaign combines impersonation of trusted services, community distribution via Telegram, UX-level deception, and self-propagation through mass SMS forwarding.