New Android/RAT Malware Allows Hackers Unrestricted Access to Phones

Anuj April 3, 2026
New-Android-RAT-Malware-Allows-Hackers-Unrestricted-Access-to-Phones
Post Views: 188

Remote Access Trojan (RAT) Exploiting System Flaws Allows Unrestricted Access to Mobile Devices

The threat actor xone9to1 has introduced a newly developed Remote Access Trojan (RAT) that can compromise both Android and iOS devices without requiring any software installation or user interaction. This method is similar to those employed by the notorious Pegasus spyware, which bypasses traditional infection methods such as application installations or link clicks.

  • Sensitive Information Retrieval: The RAT can obtain sensitive information, including SIM card and network details, location history, and real-time notifications.
  • Data Extraction from Social Media Platforms: It can extract data from various social media platforms, including Google, Instagram, Telegram, and Spotify, without being detected.
  • Remote Device Control: Hackers can remotely control the device, lock it, power it off, manipulate the ringer and brightness settings, and integrate it into a Distributed Denial-of-Service (DDoS) botnet.
  • Surveillance Capabilities: The RAT provides a comprehensive suite of surveillance capabilities, including file management with encryption, front and back camera streaming, screen recording, and microphone access.
  • Keystroke Logging: It can log keystrokes, allowing attackers to intercept sensitive information, such as financial data, from digital wallets like MetaMask, Trust Wallet, Binance, UPI, Apple Pay, Google Pay, and PayPal.
According to xone9to1, the RAT is compatible with devices running the latest iPhone 17 firmware and Android versions 5 through 16.

To mitigate against this threat, security experts recommend:

  • Updating to the latest iOS 26.3.1+
  • Enabling Lockdown Mode
  • Auditing OAuth apps
  • Monitoring anomalous battery drain and camera usage

Conclusion:

This development highlights the evolving nature of mobile threats and the need for constant vigilance in maintaining up-to-date security patches and adopting robust defense strategies to protect against sophisticated attacks.


Blog Image

About Author

Anuj

See author's posts

More Stories

www.news4hackers.com-darwinium-updates-mobile-sdks-for-remote-access-scam-detection-darwinium-updates-mobile-sdks-for-remote-access-scam-detection

Darwinium Updates Mobile SDKs for Remote Access Scam Detection

Anuj May 20, 2026
www.news4hackers.com-certsecure-manager-v3-3-offers-zero-touch-certificate-renewal-automation-certsecure-manager-v3-3-offers-zero-touch-certificate-renewal-automation

CertSecure Manager V3.3 Offers Zero-Touch Certificate Renewal Automation

Anuj May 20, 2026
www.news4hackers.com-threat-detection-and-incident-response-conference-2023-threat-detection-and-incident-response-conference-2023

Threat Detection and Incident Response Conference 2023

Anuj May 20, 2026

Latest Cyber Security News

www.news4hackers.com-darwinium-updates-mobile-sdks-for-remote-access-scam-detection-darwinium-updates-mobile-sdks-for-remote-access-scam-detection

Darwinium Updates Mobile SDKs for Remote Access Scam Detection

Anuj May 20, 2026
www.news4hackers.com-certsecure-manager-v3-3-offers-zero-touch-certificate-renewal-automation-certsecure-manager-v3-3-offers-zero-touch-certificate-renewal-automation

CertSecure Manager V3.3 Offers Zero-Touch Certificate Renewal Automation

Anuj May 20, 2026
www.news4hackers.com-google-removes-malicious-apps-exposed-by-ad-fraud-scheme-google-removes-malicious-apps-exposed-by-ad-fraud-scheme

Google Removes Malicious Apps Exposed by Ad Fraud Scheme

Anuj May 20, 2026
www.news4hackers.com-github-security-breach-impacts-3800-repositories-github-security-breach-impacts-3800-repositories

github-security-breach-impacts-3800-repositories

Anuj May 20, 2026
www.news4hackers.com-threat-detection-and-incident-response-conference-2023-threat-detection-and-incident-response-conference-2023

Threat Detection and Incident Response Conference 2023

Anuj May 20, 2026
en_USEnglish
en_USEnglish