<ciso brief/>
Tag Banner

All news with #zimperium tag

all tags →

Thu, October 30, 2025

Surge in NFC Relay Malware Targeting European Cards

#Android #NFC #Payment card #Data Exfil via Tools #Zimperium

📱Zimperium reports a sharp rise in Android apps abusing Host Card Emulation (HCE) to steal contactless payment card data across Eastern Europe. Researchers observed over 760 malicious APKs and 70+ command-and-control servers that capture EMV fields, respond to POS APDU commands, or forward requests to remote servers. Variants include data exfiltration to Telegram, relay toolkits, 'ghost-tap' real-time HCE manipulation, and fake payment apps impersonating Google Pay and regional banks. Users are advised to avoid sideloading APKs, restrict NFC permissions, run Play Protect, and disable NFC when not in use.

read more →

Thu, October 9, 2025

ClayRat Android spyware mimics popular apps to spread

#Android #ClayRat #Spyware #Zimperium #Data Exfil via Tools

📱 A new Android spyware campaign called ClayRat is tricking users by posing as well-known apps and services such as WhatsApp, Google Photos, TikTok, and YouTube and distributing APKs via Telegram channels and fraudulent websites. Researchers at Zimperium say they documented over 600 samples and 50 distinct droppers in three months, noting that some use a session-based installation and encrypted payloads to bypass Android defenses. Once installed, ClayRat can assume the default SMS handler, exfiltrate SMS and call logs, capture notifications and front-camera photos, make calls, send mass SMS for propagation, and communicate with C2 servers (recent versions use AES-GCM); Play Protect now blocks known variants.

read more →

Thu, October 9, 2025

ClayRat Android Spyware Turns Phones Into SMS Hubs

#Active Exploitation #Data Exfil via Tools #Android #Zimperium #Google

🔔 A fast-evolving Android spyware campaign dubbed ClayRat has produced over 600 samples and 50 droppers in three months, researchers say. The malware is distributed via phishing sites and Telegram channels that impersonate popular apps like TikTok, YouTube and Google Photos to trick users into sideloading infected APKs. Once granted SMS privileges, ClayRat can read and send messages, harvest contacts and call logs, take front-camera photos, exfiltrate data to C2 servers, and automatically text malicious links to all contacts, turning each compromised device into a propagation hub.

read more →