ZeroDayRAT spyware grants attackers total access to mobile devices

ZeroDayRAT is a commercially sold cross-platform mobile spyware toolkit that provides operators full remote access to Android and iOS devices — including live camera/microphone streaming, keylogging, screen recording, GPS tracking, notification/oauth/account enumeration, and modules for stealing crypto and banking credentials. First observed in February 2026 and analyzed by iVerify, the tool is distributed via Telegram, offers an easy web-based control panel for buyers, and is spread through smishing, phishing, fake apps, and malicious links, posing a high risk to individual users and organizations handling sensitive accounts or financial assets.