New ZeroDayRAT Attacking Android and iOS For Real-Time Surveillance and Data Theft

ZeroDayRAT is a newly observed commercial mobile spyware platform (Android 5–16, iOS up to 26) sold publicly via Telegram and used in smishing, phishing, fake app store, and messaging-based campaigns; its browser-based operator dashboard enables GPS tracking, notification and SMS interception (including OTPs), live camera/microphone feeds, screen recording, keylogging, account enumeration, crypto clipboard swapping, and banking overlays. The report details infection chains, operator capabilities, and recommended mitigations for defenders such as avoiding sideloading, using stronger MFA than SMS, mobile threat monitoring, and rapid triage and reporting.