Ethical Hacking News
New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft, posing significant risks to Android and iOS users worldwide. This comprehensive analysis delves into the details of this recent malware discovery, highlighting its capabilities and implications for user safety.
Researchers discovered a new family of mobile spyware platforms called ZeroDayRAT, capable of real-time surveillance and data theft from Android and iOS devices. ZeroDayRAT is being distributed through social engineering tactics, with buyers receiving dedicated channels for sales, customer support, and regular updates. The malware is compatible with Android versions 5 through 16 and iOS versions up to 26. It can extract device information, app usage, notifications, GPS coordinates, and account information from popular services. ZeroDayRAT includes capabilities for logging keystrokes, live camera streaming, and remote monitoring of the victim via microphone feed. The malware also targets online mobile wallet platforms to facilitate financial theft.
In a recent development that has sent shockwaves through the cybersecurity community, researchers have discovered a new family of mobile spyware platforms known as ZeroDayRAT. This malware, which is being advertised on Telegram channels, has been designed to enable real-time surveillance and data theft from Android and iOS devices. The implications of this discovery are far-reaching, highlighting the need for users to take enhanced security measures to protect their personal data.
According to Daniel Kelley, a security researcher at iVerify who was involved in the discovery of ZeroDayRAT, the malware is being distributed through social engineering tactics, with buyers receiving dedicated channels for sales, customer support, and regular updates. Operators have full control of the spyware panel, which can be set up on their own server.
The ZeroDayRAT platform has been assessed to be compatible with Android versions 5 through 16 and iOS versions up to 26. Its primary mechanism of attack is believed to involve fake app marketplaces, although social engineering tactics are also a potential vector for distribution.
Once a device is infected by the malware, operators have access to a wealth of information about the victim's device and activities. This includes details such as model, location, operating system, battery status, SIM, carrier details, app usage, notifications, and previews of recent SMS messages. Furthermore, the spyware can extract current GPS coordinates and plot them on Google Maps, along with a history of all locations visited over time.
A particularly concerning aspect of ZeroDayRAT is its ability to extract account information for popular services, including Google, WhatsApp, Instagram, Facebook, Telegram, Amazon, Flipkart, PhonePe, Paytm, and Spotify, among others. This level of access could potentially allow attackers to impersonate victims and gain unauthorized access to their online accounts.
Other notable capabilities of ZeroDayRAT include logging keystrokes, gathering SMS messages (including one-time passwords), and allowing real-time surveillance via live camera streaming and a microphone feed that enables remote monitoring of the victim. The malware also includes a stealer component that scans for wallet apps like MetaMask, Trust Wallet, Binance, and Coinbase, substituting wallet addresses copied to the clipboard to reroute transactions to wallets controlled by the attacker.
Additionally, ZeroDayRAT incorporates a bank stealer module targeting online mobile wallet platforms such as Apple Pay, Google Pay, PayPal, and PhonePe. This feature is designed to facilitate financial theft by capturing and manipulating transaction data.
The distribution of ZeroDayRAT malware raises significant concerns regarding user safety, particularly in the context of Android devices, which are more vulnerable to attack due to their openness and widespread adoption. It serves as a stark reminder that users must remain vigilant against emerging threats and take proactive steps to enhance their device security.
Published: Wed Feb 18 13:29:29 2026 by llama3.2 3B Q4_K_M