This Aggressive Spyware Targets Both Android and IOS Devices.
Attackers don’t have to go to great lengths to develop sophisticated malware to attack unsuspecting victims. A new spyware platform called ZeroDayRAT is reportedly being sold on Telegram , including customer support and updates.
According to mobile security company iVerify, this aggressive spyware provides complete remote control over devices running Android 15-16 and iOS up to and including iOS 26. Once installed, it enables all sorts of activities, from user profiling and location tracking to real-time video surveillance and financial theft.
What ZeroDayRAT can get from your device
This spyware possesses extensive capabilities that, according to iVerify, have traditionally been found on government-sponsored platforms. Here’s what ZeroDayRAT can do:
-
Collect device information such as model, OS, battery status, country, lock status, SIM card and carrier information, app usage, real-time activity, and SMS message previews. This allows attackers to create user profiles for further targeting.
-
Obtain GPS coordinates, intercept notifications from applications and systems, and collect account information such as usernames and email addresses.
-
Send SMS messages and receive verification codes to bypass two-factor authentication.
-
Record keystrokes (including biometric unlocking, gestures, and app launches), access the camera and microphone, and record the screen.
-
Capturing crypto wallet addresses and obtaining credentials for banking and payment applications using overlay network attacks.
How to protect yourself from spyware
ZeroDayRAT can only infect your device if you download and install a malicious executable file—an APK file used by Android or iOS. Such files can be distributed through phishing, such as links sent via email, SMS, or messaging apps, as well as through fake app stores.
All standard recommendations for preventing fraud and malware remain in effect: never click links in unsolicited messages, including in conversations on apps like Telegram and WhatsApp, and only download apps and extensions from official, trusted sources.
Users at high risk of becoming a target of cyberattacks, as well as anyone looking to enhance their security, may want to consider enabling Lockdown Mode (iOS) or Advanced Protection (Android).