- ClayRat malware mimics popular apps to steal data and spread through victims' contact lists
- It abuses Android’s SMS handler role to bypass permissions and access sensitive content
- Over 600 variants found; users need to stick to trusted app stores and use antivirus tools
A new Android malware variant poses as popular apps, steals sensitive files and propagates further.
Experts from Zimperium revealed ClayRat, which primarily targeted Russian users by counterfeiting popular Android apps such as WhatsApp, TikTok, Google Photos or YouTube, mostly distributed through Telegram channels and standalone phishing sites.
Through typosquatting, the phishing sites fool victims into believing that they are visiting a legitimate page, then redirect them to Telegram channels where the malware is hosted.
How to remain safe
When victims install ClayRat, it abuses Android’s default SMS handler role, allowing it to bypass standard runtime permissions and access sensitive data without raising alarms.
“When an app is assigned this role, it gets broad access to SMS content and message features so that spyware can read, save and forward text messages at scale,” Zimperium explained. “Unlike individual runtime permissions requiring approval per capability, the SMS handler role consolidates several powerful capabilities in a single authorization step.”
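As an added example (not from Zimperium or the original article), the following Python triage check reads a decoded AndroidManifest.xml and reports whether an app declares the four components Android requires before it can be offered as the default SMS handler. The sample manifest and its package name are constructed, and the input is assumed to be already decoded to text XML (for instance with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# (component tag, intent action) pairs Android documents as required for an
# app to be eligible as the default SMS handler.
REQUIRED = {
    ("receiver", "android.provider.Telephony.SMS_DELIVER"),
    ("receiver", "android.provider.Telephony.WAP_PUSH_DELIVER"),
    ("activity", "android.intent.action.SENDTO"),
    ("service", "android.intent.action.RESPOND_VIA_MESSAGE"),
}

def sms_handler_components(manifest_xml):
    """Return the subset of REQUIRED pairs that the manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("activity", "receiver", "service"):
        for comp in root.iter(tag):
            for action in comp.iter("action"):
                pair = (tag, action.get(ANDROID + "name"))
                if pair in REQUIRED:
                    found.add(pair)
    return found

def can_request_sms_role(manifest_xml):
    """True when every required component is present."""
    return sms_handler_components(manifest_xml) == REQUIRED

# Constructed sample: an app presenting itself as a video player.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.videoplayer"><application>
  <receiver android:name=".A" android:permission="android.permission.BROADCAST_SMS">
    <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter>
  </receiver>
  <receiver android:name=".B" android:permission="android.permission.BROADCAST_WAP_PUSH">
    <intent-filter><action android:name="android.provider.Telephony.WAP_PUSH_DELIVER"/></intent-filter>
  </receiver>
  <activity android:name=".C">
    <intent-filter><action android:name="android.intent.action.SENDTO"/></intent-filter>
  </activity>
  <service android:name=".D" android:permission="android.permission.SEND_RESPOND_VIA_MESSAGE">
    <intent-filter><action android:name="android.intent.action.RESPOND_VIA_MESSAGE"/></intent-filter>
  </service>
</application></manifest>"""

if __name__ == "__main__":
    print("eligible for default SMS role:", can_request_sms_role(SAMPLE))
```

A media or photo app that declares all four components has no obvious need for them, which makes the result a useful signal when reviewing sideloaded APKs.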
The sensitive data it seems to exfiltrate includes SMS messages, call logs, device data and photos taken by the front-facing camera. Besides stealing whatever information it finds, the malware propagates further by sending a malicious download link to every contact in the victim’s phone book, making the infected device a powerful distribution node.
Whoever is behind ClayRat is also active, Zimperium said. In the last three months alone, the researchers found more than 600 variants and 50 different droppers, each with a separate clearer. However, they do not think that this practice is unique to this threat actor, but rather proof of the “rising speed and sophistication” of today’s mobile threats.
“ClayRat demonstrates how attackers are evolving faster than ever, combining social engineering, self-propagation and system abuse to maximize reach,” said Shridhar Mittal, CEO of Zimperium.
To protect against these kinds of threats, only download apps from trusted sources, such as Google’s Play Store, or Apple’s App Store.
Also, a little due diligence would not hurt: check the number of downloads, the overall review score and a few user comments.
Finally, it helps to have a mobile antivirus solution running at all times, and to be aware of the permissions assigned to different apps.



