Zimperium's AI-Driven Solutions For Mobile Threat Defense

10 Oct 2025

Contact company

Add as a preferred source Download PDF version

Quick Read ⌵

Summary is AI-generated, newsdesk-reviewed

Zimperium's AI-driven mobile security detects fast-evolving Android spyware, ClayRat, targeting Russian users.
ClayRat disguises as popular apps, stealing SMS, call logs, and sending malicious links.
Over 600 spyware samples identified, abusing SMS roles to bypass security and spread quickly.

Zimperium, a leader in mobile security innovation, has unveiled critical research from its zLabs team revealing ClayRat, a rapidly growing Android spyware operation. This campaign is targeting Russian users by disguising itself as popular applications like WhatsApp, TikTok, Google Photos, and YouTube. The spyware is designed to extract sensitive information such as SMS, call logs, device data, and photos taken from the device's front camera.

Advanced Obfuscation Strategies

The ClayRat spyware cleverly exploits Android's default SMS handler role to circumvent security alerts. Once installed, it disseminates malicious links to all contacts listed in the victim's phonebook, effectively transforming each compromised device into a hub for further distribution. Over the past three months, Zimperium has tracked more than 600 variants and 50 droppers, each employing new layers of obfuscation to avoid detection, showcasing the escalating pace and complexity of mobile security threats.

AI-Driven Mobile Threat Defense

Shridhar Mittal, CEO of Zimperium, commented on the evolving landscape of mobile threats: "ClayRat demonstrates how attackers are evolving faster than ever, combining social engineering, self-propagation, and system abuse to maximize reach." Zimperium's AI-powered mobile security solutions are designed to shield clients from threats that aim to surpass traditional security measures.

Enhanced User Protection

Zimperium’s advanced solutions, including Mobile Threat Defense and Mobile Runtime Protection, successfully identified ClayRat samples as soon as they emerged. This proactive detection ensures users' safety without depending on post-infection updates. Additionally, as part of the App Defense Alliance, Zimperium has shared its comprehensive research with Google, augmenting protection for Android users through Google Play Protect.

Key Findings

Over 600 spyware variants identified in 90 days
Utilizes SMS handler role to avoid security prompts
Propagates through contacts, each device acts as a distribution hub
Extracts sensitive data including SMS, call logs, and device photos

Show full press release

Zimperium, the world's pioneer in mobile security, announced new research from its zLabs team exposing ClayRat, a rapidly expanding Android spyware campaign targeting Russian users.

Disguised as popular apps, such as WhatsApp, TikTok, Google Photos, and YouTube, ClayRat steals sensitive information, including SMS, call logs, device data, and front-camera photos.

New obfuscation layers

While exploiting Android’s default SMS handler role to bypass security prompts

While exploiting Android’s default SMS handler role to bypass security prompts. Once active, it sends malicious links to every contact in the victim’s phonebook, turning each infected device into a distribution hub.

In the last three months alone, Zimperium identified over 600 variants and 50 droppers, each using new obfuscation layers to evade detection. This pace of evolution underscores the increasing speed and sophistication of mobile threats.

AI-driven mobile security

“ClayRat demonstrates how attackers are evolving faster than ever, combining social engineering, self-propagation, and system abuse to maximize reach,” said Shridhar Mittal, CEO of Zimperium, adding “Our AI-driven mobile security ensures customers remain protected, even against campaigns designed to outpace traditional defenses.”

Benefit from additional protections

Zimperium’s Mobile Threat Defense and Mobile Runtime Protection solutions proactively detected ClayRat samples from their first appearance, keeping customers safe without relying on delayed updates.

As an App Defense Alliance partner, Zimperium has also shared its findings with Google, ensuring Android users benefit from additional protections through Google Play Protect.

Key Findings:

600+ spyware samples discovered in just 90 days
Abuses SMS handler role to bypass security prompts
Spreads via contacts, each device becomes a distribution hub
Steals sensitive data including messages, call logs, and photos

Download PDF version Download PDF version

Add as a preferred source on Google

People mentioned in this article

Shridhar Mittal Zimperium

Show all

Related companies
Zimperium
Google Cloud

View all news from
Zimperium
Google Cloud

In case you missed it

Which Vertical Markets Have The Greatest Growth Potential For Security?

To serve various vertical markets and industries effectively, security professionals must recognize that each sector has unique assets, risks, compliance requirements, and operatio...

eCLIQ Enhances Security At Marin Hospital Of Hendaye

The Marin Hospital of Hendaye in the French Basque Country faced common challenges posed by mechanical access control. Challenges faced Relying on mechanical lock-and-key technol...

What’s Behind (Perimeter) Door #1?

A lot has been said about door security — from reinforced door frames to locking mechanisms to the door construction — all of which is crucial. But what security measur...