ZeroDayRAT: The New Spyware Threatening Android and iOS Users
A new mobile spyware platform, ZeroDayRAT, has emerged as a significant threat to both Android and iOS devices. First observed on February 2, 2026, ZeroDayRAT is being openly sold on Telegram, providing attackers with full remote control over compromised devices. This sophisticated tool supports Android versions 5 through 16 and iOS up to version 26, including the iPhone 17 Pro. Notably, it requires no technical expertise to operate, making it accessible to a wide range of malicious actors.
Infection Vectors:
ZeroDayRAT primarily spreads through smishing (SMS phishing), where victims receive text messages containing links that lead to malicious app downloads. Other distribution methods include phishing emails, fake app stores, and links shared via messaging platforms like WhatsApp and Telegram. Once the victim installs the malicious app, the spyware activates, granting the attacker extensive control over the device.
Capabilities and Features:
Upon installation, ZeroDayRAT offers a comprehensive suite of surveillance and data theft capabilities:
– Device Profiling: The spyware collects detailed information about the device, including model, operating system version, carrier details, SIM information, and app usage patterns.
– Real-Time Surveillance: Attackers can access live feeds from both front and rear cameras, record the screen, and activate the microphone to eavesdrop on conversations.
– Keylogging: Every keystroke made on the device is logged, capturing sensitive information such as passwords and personal messages.
– Notification Interception: ZeroDayRAT captures all notifications, including those from messaging apps like WhatsApp, Instagram, and Telegram, providing attackers with insights into the victim’s communications.
– SMS Access: The spyware intercepts SMS messages, including one-time passwords (OTPs) used for two-factor authentication, facilitating unauthorized access to accounts.
– Financial Theft Modules: ZeroDayRAT includes modules designed to steal financial information. It can scan for cryptocurrency wallet apps such as MetaMask, Trust Wallet, Binance, and Coinbase, logging wallet addresses and balances. Additionally, it employs overlay attacks to steal login credentials for banking apps and payment platforms like Apple Pay, Google Pay, and PayPal.
Operational Dashboard:
The spyware is managed through a web-based control panel that provides attackers with a centralized interface to monitor and control infected devices. This dashboard displays real-time data, including device location, app usage, intercepted messages, and more. The user-friendly design ensures that even individuals with minimal technical knowledge can operate the spyware effectively.
Implications and Risks:
The emergence of ZeroDayRAT signifies a concerning trend in the accessibility and sophistication of mobile spyware. Tools that once required significant resources and expertise are now available to a broader range of malicious actors. The extensive capabilities of ZeroDayRAT pose severe risks to personal privacy, financial security, and organizational data integrity.
Protective Measures:
To mitigate the threat posed by ZeroDayRAT, users are advised to adopt the following precautions:
– Exercise Caution with Links: Avoid clicking on links from unknown or untrusted sources, especially those received via SMS or email.
– Download Apps from Official Stores: Only install applications from official app stores like Google Play Store and Apple App Store to reduce the risk of downloading malicious software.
– Keep Software Updated: Regularly update your device’s operating system and applications to ensure you have the latest security patches.
– Use Strong Authentication Methods: Because the spyware intercepts SMS, opt for multi-factor authentication methods that do not rely solely on SMS-based OTPs, such as authenticator apps or hardware tokens.
– Monitor Device Behavior: Be vigilant for signs of infection, such as unexpected battery drain, unusual permission requests, or unfamiliar apps appearing on your device.
– Implement Security Solutions: Consider using reputable mobile security software to detect and prevent malware infections.
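As an added, defender-side illustration (not code from the original article or from any vendor), the following Python script maps the capabilities listed above onto the Android permissions they require and flags installed apps that combine several of them, noting whether each was sideloaded. The inventory format and the package names in the sample are constructed assumptions.

```python
from typing import Dict, List

# Android permissions that correspond to the capabilities described above.
CAPABILITY_PERMISSIONS = {
    "SMS interception (OTP theft)": {
        "android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "Notification interception": {
        "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"},
    "Keylogging / overlay attacks": {
        "android.permission.BIND_ACCESSIBILITY_SERVICE",
        "android.permission.SYSTEM_ALERT_WINDOW"},
    "Camera and microphone surveillance": {
        "android.permission.CAMERA", "android.permission.RECORD_AUDIO"},
}
# Installer package names a user would expect; anything else is sideloaded.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store


def triage(inventory: List[Dict]) -> Dict[str, Dict]:
    """Flag packages whose permissions span two or more capability classes.
    One class alone is normal (an SMS client, a camera app); combining SMS,
    notification, accessibility/overlay and camera/mic rights matches the
    profile of the spyware described above."""
    findings = {}
    for app in inventory:
        perms = set(app["permissions"])
        hits = [cap for cap, need in CAPABILITY_PERMISSIONS.items() if need & perms]
        if len(hits) >= 2:
            findings[app["package"]] = {
                "capabilities": hits,
                "sideloaded": app.get("installer") not in TRUSTED_INSTALLERS,
            }
    return findings


# Constructed sample inventory (hypothetical package names), in the shape a
# practitioner could build from `adb shell pm list packages -i` and
# `adb shell dumpsys package <pkg>` on a real device.
SAMPLE_INVENTORY = [
    {"package": "com.example.messaging", "installer": "com.android.vending",
     "permissions": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS"]},
    {"package": "com.example.camera", "installer": "com.android.vending",
     "permissions": ["android.permission.CAMERA", "android.permission.RECORD_AUDIO"]},
    {"package": "com.example.sysupdate", "installer": None,  # sideloaded
     "permissions": ["android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                     "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
                     "android.permission.BIND_ACCESSIBILITY_SERVICE",
                     "android.permission.SYSTEM_ALERT_WINDOW",
                     "android.permission.CAMERA", "android.permission.RECORD_AUDIO"]},
]
```

Running `triage(SAMPLE_INVENTORY)` flags only the sideloaded package, since the store-installed SMS and camera apps each cover a single capability class.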
Conclusion:
ZeroDayRAT represents a significant advancement in mobile spyware, offering attackers unprecedented control over infected devices. Its ease of use and comprehensive feature set make it a formidable threat to both individual users and organizations. By staying informed and adopting robust security practices, users can reduce the risk of falling victim to such sophisticated malware.