The new campaign known as GlueRat tends to confuse users upon loading fake versions of whatsappTikTok and other popular applications. Hackers disguise applications as legitimate so that users install them on their phones. Once they do this, malware is activated that can steal our information, take photos using the front camera, or replicate to other phones through text messages.
According to Computer beepingThe malicious campaign exploits people’s naivety and poor technological knowledge to hack their mobile devices. The attack, known as ClayRat, combines social engineering, visual spoofing and permission abuse to infect your phone and turn it into a machine that will spy on you.
According to the Zimperium report, ClayRat is distributed through Telegram channels or fake pages that imitate the official websites of popular applications. These sites offer Malicious APK files that look like updates or premium versions of WhatsApp.TikTok or YouTube. Once the user clicks, the website redirects him to the Telegram channel where the APK is hosted so he can download it.
Although Android disables installation from third-party sources to improve security, ClayRat uses some techniques to build trust. The APK displays a fake Google Play update screen that mimics legitimate behavior. Additionally, the malware uses the same names, icons, and package descriptions as WhatsApp and TikTok.
Once the user’s trust is gained, it asks him to enable installation from third-party sources to deploy spyware. As if that wasn’t enough asks to become default SMS appgiving you full access to read and send messages, as well as modify the database.
How ClayRat, the malware impersonating WhatsApp and TikTok, works
If your naivety has led you to this point and you have accepted everything, ClayRat has already infiltrated your mobile phone and stolen your information. Security analysts say it’s spyware Has the ability to take photos using the front camera. without your knowledge. It can also recover call logs, notifications, app list and data from the device to be sent to the attacker.
The problems don’t end there as your device will become a distribution hub to infect others. By granting it the rights to be the default messaging app, malware will send messages to all your contacts with malicious links.
Zimperium notes that the ClayRat campaign is spreading in Russia. However, users from other countries are asked Take extreme precautions to avoid falling victim to this attack.. If someone sends you a download link for YouTube Plus or an upgraded version of WhatsApp, don’t open it.
It doesn’t hurt to periodically review your installed apps and permissions on Android. Although the latest versions of the operating system have anti-fraud mechanisms, hackers always find a way to bypass the security using the user.
Source: Hiper Textual
I’m Ben Stock, a highly experienced and passionate journalist with a career in the news industry spanning more than 10 years. I specialize in writing content for websites, including researching and interviewing sources to produce engaging articles. My current role is as an author at Gadget Onus, where I mainly cover the mobile section.
