Google Refuses To Fix Gemini Flaw While ClayRat Spyware Imitates Android Apps

Even if you’ve been fortunate enough to never be hacked, chances are you’ve brushed shoulders with a cyber threat without even realizing it.

In today’s hyperconnected world, hackers don’t always kick down doors. Sometimes, they walk right in wearing a friendly face. From fake social apps to invisible AI commands, cyber-attacks are becoming harder to spot and easier to trust.

This is happening right now, and leading cybersecurity researchers are raising an alarm over two new developments: a new Android spyware, ClayRat, is spreading fast by imitating popular Android apps, and Google’s announcement not to patch a flaw that could allow hackers to plant hidden commands inside its Gemini AI model.

So, let’s take a closer look at both incidents, and what they mean for users and organizations. Dive in!
 

What Is ClayRat And How Does It Spread?

At the center of the latest Android attack is ClayRat, a malicious spyware campaign discovered by Zimperium. The malware hides behind fake versions of popular apps like WhatsApp, TikTok, YouTube, and Google Photos to lure victims into downloading infected applications.


These apps are shared mainly through Telegram channels and phishing websites designed to look like real app stores, complete with fake reviews and inflated download counts.

Researchers identified over 600 malware samples and 50 different droppers released within three months, highlighting an active, large-scale campaign.

Some samples act as “droppers,” presenting a fake Play Store update while secretly installing the real payload hidden inside the app. ClayRat even uses a session-based installation method to help it bypass Android 13’s security restrictions and trick users.

Once installed, it takes control of the device’s SMS manager, letting it read, intercept, or even rewrite messages. The spyware can also send out malicious texts to all contacts, using the victim’s device to spread further infection.
 

So, What Does ClayRat Do?

ClayRat is more than spyware as it gives attackers full remote control through an encrypted command-and-control (C2) server. Here’s how:
 

• Data Theft: Reads and exfiltrates SMS messages, notifications, contacts and device information.

• Surveillance: Takes front-camera photos and accesses call logs.

• Communication Control: Sends or resends SMS, places calls, and acts as the default SMS app.

• Network Abuse: Uses proxy commands to relay data through WebSockets for faster communication with the C2 server.

• Propagation: Automatically spreads malicious links to contacts for mass infection.

Zimperium shared the threat details with Google, and Play Protect now blocks known variants of the spyware. However, new versions are emerging rapidly, showing the attackers’ determination to keep the campaign alive.

If ClayRat shows how attackers exploit human trust, the next story reveals how they’re now learning to manipulate artificial intelligence itself.
 

What Is The ASCII Smuggling Attack In Google Gemini?

A security researcher from FireTail, Viktor Markopoulos, discovered that Gemini is vulnerable to ASCII smuggling—a method that hides malicious instructions using invisible Unicode characters.

The report said, “For users with LLMs connected to their inboxes, a simple email with hidden commands can instruct the LLM to search the inbox for sensitive items or send contact details, turning a standard phishing attempt into an autonomous data extraction tool.”

These characters can’t be seen by users, but Gemini’s language model can still read and follow them.

The attack can insert hidden commands in text fields such as email subjects or calendar invites, allowing Gemini to act on malicious instructions without user awareness.

During testing, Gemini could be tricked into displaying fake websites, altering meeting details, or sending sensitive data, if connected to email or calendar accounts.


Other AI assistants like ChatGPT, Claude, and Microsoft Copilot successfully blocked such inputs through input sanitization. However, Gemini, DeepSeek, and Grok remained vulnerable in tests.
 

So, How Did Google Respond?

Google was notified about the issue on September 18, 2025, but the company said it does not classify ASCII smuggling as a security bug.

The tech giant believes that the attack relies on social engineering, meaning users must be tricked into interacting with hidden content. As a result, Google will not release a fix for Gemini at this time.

Cybersecurity experts, however, warned that because Gemini can access and analyze emails and calendar invites automatically, attackers could launch “invisible” data thefts without any user action.

Organizations are advised to limit Gemini’s access to emails and calendars until Google introduces more robust input filtering.

While the ClayRat spyware shows how attackers are perfecting the art of disguise, Gemini’s flaw highlights a growing need for AI security governance.

As AI systems merge into mobile devices and apps for everyday workflows, the line between “device security” and “data integrity” is blurring. Both these incidents are a reminder that technological advancement and cyber threats move in lockstep—and for now, the attackers seem to be a step ahead.

Do you think Google should reconsider its decision on Gemini’s ASCII smuggling bug? Will spyware like ClayRat force Google and Android to tighten its sideloading rules?

Let us know in the comments below!