ZeroDayRAT spyware sold on Telegram enables live surveillance and financial theft on Android and iOS

Cybersecurity researchers have disclosed a new mobile spyware platform named ZeroDayRAT that is advertised on Telegram and can enable real-time surveillance and financial theft on Android and iOS devices, according to a technical analysis by iVerify.

KEY FACTS

  • Incident: New commercial spyware platform advertised on Telegram
  • Platforms: Supports Android 5 through 16 and iOS up to 26
  • Capabilities: Live camera and microphone access, GPS tracking, keystroke logging, and OTP theft
  • Distribution: Malicious binaries generated by a builder and spread via social engineering or fake app stores

The malware is delivered as builder-generated binaries that buyers can configure and self-host together with an online control panel. Operators obtain a panel, command infrastructure, and prebuilt payloads to deploy to target devices.

Once installed, the software exposes device metadata including model, operating system, location, battery status, SIM and carrier details, app usage, notifications, and previews of recent SMS messages. It also enumerates registered accounts across services such as Google, WhatsApp, Instagram, Facebook, Telegram and several payment apps.

The platform enables hands-on surveillance through live camera streaming and a microphone feed, and it logs keystrokes. It can capture one-time passwords from SMS and contains a stealer that replaces clipboard wallet addresses to reroute cryptocurrency payments. A bank stealer module targets mobile wallets and payment services including Apple Pay, Google Pay and UPI-based apps.
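The clipboard-swapping stealer described above works by replacing a copied wallet address with a different one before the user pastes it. The following is an added example, not code from the original article or from iVerify's analysis: a defender-side check that records the address a user copied and compares it with what the clipboard holds at paste time, raising an alert only when both values look like wallet addresses of the same family but differ. The address patterns, the event format and the sample clipboard log are simplified assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Simplified address-family patterns (assumption: real validators also
# verify checksums; these regexes only classify the shape of the string).
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_kind(text):
    """Return the address family `text` resembles, or None if it is not an address."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


@dataclass
class ClipboardEvent:
    # "user-copy": the user explicitly copied this text (hypothetical hook in the
    # wallet app); "observed": the clipboard contents read back at paste time.
    source: str
    text: str


def detect_clipboard_swaps(events):
    """Flag paste-time clipboard contents that are a *different* address of the
    same family as the one the user last copied. Ordinary edits (copying plain
    text, or copying a new address yourself) produce no alert because each
    user-copy resets the expected value."""
    alerts = []
    expected = None
    for event in events:
        if event.source == "user-copy":
            expected = event.text.strip()
            continue
        if event.source != "observed" or expected is None:
            continue
        seen = event.text.strip()
        expected_kind = address_kind(expected)
        seen_kind = address_kind(seen)
        if seen != expected and expected_kind is not None and seen_kind == expected_kind:
            alerts.append({
                "family": expected_kind,
                "expected": expected,
                "seen": seen,
            })
    return alerts


# Constructed sample clipboard log: one legitimate paste, one substituted
# address, and one non-address copy that must not trigger an alert.
SAMPLE_EVENTS = [
    ClipboardEvent("user-copy", "0x" + "ab12" * 10),
    ClipboardEvent("observed", "0x" + "ab12" * 10),
    ClipboardEvent("user-copy", "bc1q" + "x" * 38),
    ClipboardEvent("observed", "bc1q" + "y" * 38),   # swapped address
    ClipboardEvent("user-copy", "meeting at 3"),
    ClipboardEvent("observed", "meeting at 3"),
]


if __name__ == "__main__":
    for alert in detect_clipboard_swaps(SAMPLE_EVENTS):
        print(f"ALERT [{alert['family']}] copied {alert['expected']} "
              f"but clipboard now holds {alert['seen']}")
```

Requiring the same address family for an alert avoids noise when a user copies an unrelated string between copy and paste, while still catching the substitution pattern the article describes, where the replacement is deliberately shaped like the original so the victim does not notice.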

Operators sell the platform on Telegram with channels for sales, customer support and updates. The toolkit combines multiple attack methods that have appeared in prior mobile malware campaigns. Public data on infection scale and victim locations was not provided in the analysis.

WHY IT MATTERS

The availability of a turnkey spyware builder and control panel lowers the technical barrier for attackers and increases the risk to individuals and organizations that rely on mobile devices for communication and payments.