New ZeroDayRAT Malware Threatens Android and iOS Devices with Full Monitoring Capabilities


ZeroDayRAT: A Newly Discovered Mobile Spyware Platform

A newly discovered mobile spyware platform, dubbed ZeroDayRAT, is being marketed as a subscription-based service that enables buyers to monitor and exploit Android and iOS devices.

Initial Access and Malware Capabilities

According to researchers, initial access is achieved through social engineering, including smishing campaigns in which victims receive SMS phishing messages containing links disguised as legitimate apps, updates, or service notifications.

“The scam also utilizes fake app stores and links distributed through Telegram to deliver the payload.”

Once installed, the malware connects to a control panel that aggregates device data and monitoring tools.

Monitoring and Financial Theft Capabilities

The platform allows operators to view device information, including model details, carrier data, battery status, and application usage timelines.

Additionally, the spyware offers live tracking and monitoring features, including GPS location tracking, remote camera and microphone activation, real-time screen recording, and keystroke logging.

The platform also includes modules focused on monetization, scanning for cryptocurrency wallet applications and using clipboard injection features to replace copied wallet addresses with attacker-controlled ones.
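The address replacement described above shows up in clipboard-write telemetry as one wallet address being overwritten by a different address of the same format, written by an app that is not in the foreground. The following Python check for that pattern is an added example, not code from the researchers or the original article; the event fields (`ts`, `writer`, `foreground`, `text`), the package names, and the addresses are constructed assumptions.

```python
import re

# Format-only patterns (no checksum validation) for common address families.
ADDRESS_PATTERNS = {
    "btc-base58": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the address family the text looks like, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def find_swaps(events, window_s=5):
    """Flag clipboard writes that replace a wallet address with a different
    address of the same family, shortly after the original copy, when the
    writing package was not the foreground app (hypothetical telemetry)."""
    alerts, prev = [], None
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = address_kind(ev["text"])
        if kind is None:
            prev = None              # clipboard no longer holds an address
            continue
        swapped = (prev is not None and kind == prev["kind"]
                   and ev["text"].strip() != prev["text"].strip()
                   and ev["ts"] - prev["ts"] <= window_s
                   and ev["writer"] != ev["foreground"])
        if swapped:
            alerts.append({"ts": ev["ts"], "copied": prev["text"],
                           "replaced_by": ev["text"], "writer": ev["writer"]})
        else:
            prev = {**ev, "kind": kind}   # treat as the user's own copy
    return alerts

# Constructed sample events; the addresses are placeholders, not real wallets.
ETH_A, ETH_B = "0x" + "a1" * 20, "0x" + "b2" * 20
BTC_C, BTC_D = "1" + "C" * 30, "1" + "D" * 30
SAMPLE_EVENTS = [
    {"ts": 100, "writer": "com.example.exchange", "foreground": "com.example.exchange", "text": ETH_A},
    {"ts": 101, "writer": "com.example.updater", "foreground": "com.example.exchange", "text": ETH_B},
    {"ts": 300, "writer": "com.example.notes", "foreground": "com.example.notes", "text": "meeting at 5"},
    {"ts": 400, "writer": "com.example.wallet", "foreground": "com.example.wallet", "text": BTC_C},
    {"ts": 402, "writer": "com.example.wallet", "foreground": "com.example.wallet", "text": BTC_D},
]
```

Only the second event is flagged: the two Bitcoin-format copies come from the foreground app itself, so they are treated as ordinary user activity.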

“Furthermore, the service claims to target digital payment systems, including Apple Pay, Google Pay, and PayPal, using overlay techniques designed to capture login credentials.”

Legitimacy and Threat Assessment

Researchers have raised doubts about the platform’s legitimacy, identifying inconsistencies in the seller’s claims and suggesting that parts of the interface may be staged or generated using AI tools.

However, the findings do highlight the growing threat of mobile-targeted malware, with families such as Arsink and Anatsa, as well as NFC-based attacks, gaining traction.

Conclusion and Recommendations

The increasing number of mobile-focused threats underscores the value of smartphones as repositories of financial data, authentication tokens, and personal communications.

As such, users are advised to exercise caution when receiving unknown links delivered through SMS or messaging apps, particularly those involving urgent financial or account-related messages.

The rise of mobile malware like ZeroDayRAT emphasizes the need for users to be vigilant and take steps to protect their devices from such threats.

By being aware of the tactics used by attackers and taking proactive measures to secure their devices, users can reduce the risk of falling victim to these types of attacks.


