Cybersecurity researchers warn of ZeroDayRAT, a new spyware sold that enables real-time surveillance, data theft, and credential compromise.
Security researchers have disclosed details of a new mobile spyware platform called ZeroDayRAT that enables extensive data theft and real-time surveillance on both Android and iOS devices.
The malware, which researchers first observed in early February 2026, is being advertised on Telegram, where developers offer buyers a full operational control panel, customer support and ongoing updates.
ZeroDayRAT is compatible with Android versions 5 through 16 and iOS systems up to version 26, making it a threat to a wide range of mobile users. Its distribution relies on social engineering, fake app stores and phishing or smishing campaigns that trick victims into installing malicious binaries.
Once deployed, the spyware provides operators with deep access to a compromised device. This includes detailed device information such as model, operating system, location, app usage and SIM details. It can also extract SMS messages, notifications and one-time passwords, enabling attackers to bypass two-factor authentication protections and access linked accounts.
The spyware also supports live remote surveillance, including camera and microphone feeds, GPS tracking and keystroke logging. Financial theft features extend to scanning for mobile wallet apps and banking platforms, with routines that can redirect cryptocurrency transactions to wallets controlled by attackers.
Security analysts note that ZeroDayRAT combines capabilities once seen only in sophisticated, state-level malware, but is now commercially accessible to a range of threat actors. The ease of access including self-hosted panels for operators and distribution via Telegram channels, heightens the danger for everyday users and organisations alike.
Cybersecurity experts warn that vigilance, careful handling of links and avoidance of unofficial app sources are critical to defend against evolving mobile threats such as ZeroDayRAT.
Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
