Khaberni - Android systems are encountering a new malware named "ClayRat," which disguises itself as various popular services and apps such as "WhatsApp," "Google Photos," "TikTok," and "YouTube," capable of stealing text messages, call logs, notifications, and even taking photos directly from the phone's camera, according to a report by the tech site "Bleeping Computer."
The attack currently targets Russian users directly through "Telegram" channels and a range of malicious sites that offer downloads of infected versions of popular apps.
The cybersecurity mobile firm "Zimperium" has tracked over 600 attacks using this malware, in addition to finding 50 apps infected with it over the past three months.
The company adds that in some cases, the attack disguises itself as an update to existing apps in the "Google Play" store, while at other times it happens through external app store sites and "Telegram" channels that allow downloading apps outside the official store.
Afterward, the malware spreads itself by sending malicious files in messages to all contacts in the victim's original phone, as it completely takes over the text messaging services.
Zimperium has shared everything it found with "Google" in an effort to block the malicious software and stop it from spreading further. Google has already begun blocking its installation on Android phones through the "Play Protect" security feature.
This attack remains exclusive to Android phones due to its reliance on downloading apps outside the "Google Play" store, which is not an option on "Apple" phones.
