FindArticles FindArticles
  • News
  • Technology
  • Business
  • Entertainment
  • Science & Health
  • Knowledge Base
FindArticlesFindArticles
Font ResizerAa
Search
  • News
  • Technology
  • Business
  • Entertainment
  • Science & Health
  • Knowledge Base
Follow US
  • Contact Us
  • About Us
  • Write For Us
  • Privacy Policy
  • Terms of Service
FindArticles © 2025. All Rights Reserved.
FindArticles > News > Technology

A quarter of SMS from contacts contain sketchy links

Bill Thompson
Last updated: October 10, 2025 7:16 pm
By Bill Thompson
Technology
7 Min Read
SHARE

A new Android threat is using trusted phone numbers as lures. Sidestep Phishing: Friends don’t let friends get phished, and security researchers are warning of a new scam targeting them — using SMS links from a friend, family member or coworker can be the work of “ClayRat,” which is a fast-mutating malware family that uses its victims’ messaging apps to blast their contacts with malicious links.

How ClayRat infects your contacts using SMS lures

ClayRat starts with social engineering. Attackers are then seeding Telegram channels and fake brand websites with realistic download instructions for phony apps branded as TikTok, YouTube or Google Photos, mobile security firm Zimperium says. One campaign parodied a slick “YouTube Plus” website with instructions to skip Android’s built-in safeguards.

Table of Contents
  • How ClayRat infects your contacts using SMS lures
  • What the Malware Can Do on an Infected Phone
  • Why SMS From Trusted Senders Works So Well
  • Red Flags — and Practical Ways to Protect Yourself
  • What to watch next as ClayRat operators iterate fast
SMS phishing link from a contact on a smartphone screen

Installed, the malware asks for SMS privileges and rapidly makes the phone a distribution node. It blasts a short lure to the victim’s entire address book — messages contain the Russian phrase “Узнай первым!” (“Be the first to know!”) — paired with a malicious link. The hit rate — because the text appears to come from someone the recipient knows, you can nix that “ph,” multiplying your chances of getting a user to click through — will likely be much higher than on a cold phish.

For example, to bypass Android’s warnings regarding apps from unknown sources, ClayRat can display a spoofed Google Play update alert and trick the user into authorizing sideloading.

Zimperium says it has traced over 600 unique samples in a recent three‑month time frame, an indication that the operators are iterating quickly and trying out multiple lures.

What the Malware Can Do on an Infected Phone

In addition to its spreading capabilities, ClayRat is designed for surveillance and data exfiltration. Analysts found the functionality to intercept SMS text messages, exfiltrate call logs and take discreet snapshots. Such functions add risk of account takeover when the malware can read one‑time passcodes or compromise out‑of‑band authentication delivered by text.

Smartphone SMS from a saved contact with a suspicious link; SMS phishing warning

According to Zimperium, the campaign has targeted Russian users — but the tactics of brand impersonation, Telegram distribution and contact‑based propagation go over well anywhere. They’ve shared indicators of compromise with Google, and known variants are being prevented by Google Play Protect where signatures are available. But fresh samples and look‑alike campaigns may still reach users who sideload apps or click on off‑store links.

Why SMS From Trusted Senders Works So Well

Rogues know that your contacts are the most powerful form of social proof you’ve got. A link from a trusted name eludes skepticism, especially if it’s hyped, phrased for now (“for the next 24 hours”), or “exclusive” content. The attackers seek to boost credibility by flooding Telegram threads with faked testimonials, exaggerated counts of downloads and polished visuals that mimic official brands.

This fits a broader trend. Verizon’s Data Breach Investigations Report still lists social engineering among its top attack patterns, and security firms are reporting accelerating uptake of mobile‑first phishing that does not originate via email. According to Proofpoint’s State of the Phish, a significant majority of businesses experienced SMS‑based phishing in 2020 — highlighting how threat actors are leveraging messaging media which people trust more and where there are fewer controls.

Red Flags — and Practical Ways to Protect Yourself

  • When you get an unfamiliar link — even from someone you trust — stop and confirm through a different channel.
  • Ask the sender to verify they intended to share it.
  • Consider all APK files or “updates” outside the Google Play Store as hostile, especially if they ask you to disable protections or bypass a “special” Play prompt.
  • Enable Play Protect and do not sideload.
  • Review app permissions frequently — and if apps don’t require access to SMS, they shouldn’t get it.
  • If your phone suddenly displays strange SMS activity, unexpected data usage or camera access prompts, look into it immediately and run a respected mobile security scan.
  • Wherever feasible, move two‑factor authentication off SMS and onto an authenticator app or hardware key to limit the damage caused by SMS interception.
  • Companies will need to block sideloading on managed mobile devices, track malicious domains and Telegram channels used in campaigns and educate employees to alert their IT teams about any messages that appear suspicious but were sent by colleagues.
  • Malware threat defense solutions can detect new variants before they’ve been added to platform blocklists.

What to watch next as ClayRat operators iterate fast

The operators of ClayRat have demonstrated an ability to iterate quickly, changing domains, brands and messaging to outrun filters. Even if the current wave is concentrated primarily in one part of the world, the playbook — fake apps, social proof, contact‑based amplification — works anywhere. Plan for copycats to mimic the model.

The upshot: Treat any unfamiliar SMS link as a knock on the door after midnight. It could be nontoxic — but it could be ClayRat. The takeaways are to trust carefully, install only from reputable stores and keep your guard up so that your phone doesn’t serve as the next relay for somebody else’s malware campaign.

Bill Thompson
ByBill Thompson
Bill Thompson is a veteran technology columnist and digital culture analyst with decades of experience reporting on the intersection of media, society, and the internet. His commentary has been featured across major publications and global broadcasters. Known for exploring the social impact of digital transformation, Bill writes with a focus on ethics, innovation, and the future of information.
Latest News
Why Your Echo Show Clock Disappeared Recently
Chrome Mutes Obnoxious Website Notifications
BTK Killer, Splinter Cell, and Furioza lead Netflix
HBO Max features The Substance, The Snake Catcher & The Chair Company
Pebble App Store Is Back Online With Thousands of Apps
The AI Boom Is Being Driven By Billion-Dollar Infrastructure Deals
Underdog AI startups making the A16z Top 50 list
Xiaomi 17 Ultra Tipped for Big Camera Boost, Two Models
Three Methods of Getting Perplexity Pro Free for a Year
Prezent Raises $30M To Acquire AI Services Companies
iFixit Declares Pixel Watch 4 the Most Repairable Smartwatch
Today’s Average Gamer Is an Elder Millennial
FindArticles
  • Contact Us
  • About Us
  • Write For Us
  • Privacy Policy
  • Terms of Service
  • Corrections Policy
  • Diversity & Inclusion Statement
  • Diversity in Our Team
  • Editorial Guidelines
  • Feedback & Editorial Contact Policy
FindArticles © 2025. All Rights Reserved.