Building on earlier research published in October 2025, Zimperium announced that its zLabs team has uncovered a significantly enhanced variant of ClayRat, an Android spyware family first detailed in the technical brief “ClayRat: A New Android Spyware Targeting Russia”.
While the original ClayRat strain was able to exfiltrate SMS messages, call logs, notifications, device data, take photos, and send mass SMS or place calls, effectively allowing infected devices to become distribution hubs. The newly observed variant demonstrates a substantial escalation in functionality and stealth. The updated strain abuses both Default SMS privileges and Accessibility Services, enabling it to:
