

Ethical Hacking News

ZeroDayRAT: A Sophisticated Mobile Spyware Platform Granting Full Access to Android and iOS Devices




ZeroDayRAT, a sophisticated mobile spyware platform granting full access to Android and iOS devices, has been discovered by researchers at iVerify. The malware provides buyers with a full-featured panel for managing infected devices and reportedly supports Android 5 through 16 and iOS up to the latest version 26. It enables real-time surveillance and financial theft, making it a significant threat to both individuals and enterprises.



  • ZeroDayRAT is a newly discovered commercial mobile spyware platform.
  • The malware provides full remote control over compromised Android and iOS devices, enabling real-time surveillance and financial theft.
  • The dashboard displays device information, logs app usage, activity timelines, and SMS message exchanges, and gives the operator an overview.
  • Active hands-on operations include camera and microphone access, screen recording, OTP bypass, and SMS sending.
  • A keylogging module captures user input, while a cryptocurrency stealer module activates a wallet app scanner for financial theft.
  • The malware targets online banking apps, UPI platforms, and payment services, and steals credentials through overlaid fake screens.
  • Users are advised to trust only official stores and to install apps from reputable publishers to avoid a ZeroDayRAT compromise.



    ZeroDayRAT, a newly discovered commercial mobile spyware platform, has been advertised on Telegram as a tool that provides full remote control over compromised Android and iOS devices. This malware is not just a data stealer but also enables real-time surveillance and financial theft.

    The dashboard of the ZeroDayRAT panel displays compromised devices along with information about the model, operating system version, battery status, SIM details, country, and lock state. The malware can log app usage, activity timelines, and SMS message exchanges, and provides an overview to the operator.

    Apart from passive data logging, ZeroDayRAT also supports active hands-on operations, such as activating the device’s cameras (front and rear) and microphone to gain access to a live media feed, or recording the victim’s screen to expose other secrets. Moreover, if the SMS access permission is secured, the malware can capture incoming one-time passwords (OTPs), enabling 2FA bypass, and also send SMS from the victim’s device.

    Furthermore, a keylogging module in the ZeroDayRAT malware can capture user input, such as passwords, gestures, or screen unlock patterns. Financial theft is enabled through a cryptocurrency stealer module that activates a wallet app scanner looking for MetaMask, Trust Wallet, Binance, and Coinbase wallets, logs wallet IDs and balances, and attempts clipboard address injection.

    The bank stealer targets online banking apps, UPI platforms like Google Pay and PhonePe, and payment services such as Apple Pay and PayPal. Credential theft occurs by overlaying fake screens. Researchers at mobile threat hunting company iVerify say that ZeroDayRAT is a complete mobile compromise toolkit that could lead to enterprise breaches.

    For an individual, a ZeroDayRAT compromise could expose their privacy and lead to financial losses. Users are advised to trust only the official app stores, Google Play on Android and Apple Store on iOS, and to install apps from reputable publishers. High-risk users should consider enabling Lockdown Mode on iOS and Advanced Protection on Android.
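
The store-only advice and the capabilities listed above can be combined into a quick Android triage: flag third-party apps that did not come from an official store yet hold SMS access together with camera or microphone access. This is an added example, not code from iVerify or the original article, and it is a heuristic rather than a ZeroDayRAT signature. It assumes input collected with `adb shell pm list packages -i -3` and `adb shell dumpsys package <pkg>`; the trusted-installer set, the permission-to-capability mapping and the sample output are constructed for illustration.

```python
import re

# Assumption: only Google Play counts as an official installer here.
OFFICIAL_INSTALLERS = {"com.android.vending"}
# Assumption: Android permissions standing in for capabilities the article lists.
CAPABILITIES = {
    "otp_capture": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "sms_sending": {"android.permission.SEND_SMS"},
    "camera": {"android.permission.CAMERA"},
    "microphone": {"android.permission.RECORD_AUDIO"},
}
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
GRANTED = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=true")

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i -3` output."""
    matches = (PKG_LINE.match(line.strip()) for line in pm_output.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def granted_permissions(dumpsys_output):
    """Permissions marked granted=true in `dumpsys package <pkg>` output."""
    matches = (GRANTED.match(line) for line in dumpsys_output.splitlines())
    return {m.group(1) for m in matches if m}

def triage(pm_output, dumpsys_by_pkg):
    """Flag apps from outside official stores that hold SMS plus camera/mic access."""
    findings = {}
    for pkg, installer in parse_installers(pm_output).items():
        if installer in OFFICIAL_INSTALLERS:
            continue
        perms = granted_permissions(dumpsys_by_pkg.get(pkg, ""))
        caps = sorted(c for c, needed in CAPABILITIES.items() if perms & needed)
        has_sms = "otp_capture" in caps or "sms_sending" in caps
        has_media = "camera" in caps or "microphone" in caps
        if has_sms and has_media:
            findings[pkg] = caps
    return findings

# Constructed sample output, not taken from a real device.
SAMPLE_PM = ("package:com.example.notes  installer=com.android.vending\n"
             "package:com.example.sysupdate  installer=null\n"
             "package:com.example.flashlight  installer=null\n")
P = "      android.permission."
SAMPLE_DUMPSYS = {
    "com.example.notes": f"{P}READ_SMS: granted=true\n{P}CAMERA: granted=true\n",
    "com.example.sysupdate": f"{P}READ_SMS: granted=true\n{P}SEND_SMS: granted=true\n"
                             f"{P}CAMERA: granted=true\n{P}RECORD_AUDIO: granted=false\n",
    "com.example.flashlight": f"{P}CAMERA: granted=true\n",
}
```

A flagged package is a candidate for manual review, not a confirmed infection; legitimate sideloaded messaging apps will match the same pattern.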





  • Published: Tue Feb 10 07:09:30 2026 by llama3.2 3B Q4_K_M












