You do not want this spyware to get anywhere near your phone. If it does, security experts have just warned, it’s “capable of stealing SMS messages, call logs, capturing your photos, initiating calls, and sending mass SMS messages to the your contact list.”
The warning comes from Zimperium and the threat comes from ClayRat, which made its first appearance in the fall but has now returned with a vengeance. “ClayRat is a more dangerous spyware compared to its previous version where the victim could uninstall the application or turn off the device upon detecting the infection.”
It will come at you via a range of different apps, many of which copy leading titles including YouTube to trick you into an install. “To date, more than 700 unique APKs have been detected in a remarkably short timeframe.”
If you install an infected app, it will request default SMS privileges, which is bad enough, but also Accessibility Services, which is as dangerous as it gets. “Once the necessary permissions are granted, the malware automatically disables the Play Store by executing a series of on-screen clicks without requiring any interaction from the victim. This is done to disable security protections enforced by Google Play Protect.”
If granted permission to use Accessibility Services, ClayRat can steal your lock screen credentials, including PINs, passwords and even pattern locks — “it captures the sequence of nodes touched to trace the pattern.”
With that done, it can record your screen, intercept notifications on the phone and launch overlays, which are fake screens over real apps or screens, enabling the attacks to steal user names and passwords as they’re entered.
The primary warning here is to avoid sideloading apps, Stick to Play Store. And you definitely must not install mainstream titles — like YouTube or Chrome or WhatsApp or TikTok — from anywhere other than Google’s official store.
Also make sure you don’t disable Play Protect, regardless of the lure to install an app that requires you to do so. Also — and this really is critical — never grant Accessibility Services permissions to an app. These are designed for users with special needs. If that’s not you, there is no app on your phone that requires this system level access.
Act now — ensure Play Protect is enabled. “Open the Play Store app. At the top right, tap the profile icon. Tap Play Protect > Settings” and check everything is enabled.
