ZeroDayRAT: Spyware for Sale

New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft

Security researchers have uncovered a new mobile spyware platform called ZeroDayRAT, actively marketed on Telegram to cybercriminals. The malware targets both Android and iOS devices and offers real-time surveillance capabilities, including location tracking, keystroke logging, SMS interception, microphone and camera access, and credential harvesting. It also claims to capture one-time passwords, enabling bypass of two-factor authentication. Delivered via malicious apps or phishing campaigns, ZeroDayRAT lowers the barrier to advanced mobile compromise, effectively offering “spyware-as-a-service” to less technically skilled attackers.

If you thought sophisticated mobile surveillance tools were reserved for nation states and Hollywood villains, think again. A new spyware platform named ZeroDayRAT is being openly advertised online, offering powerful monitoring capabilities to anyone with a cryptocurrency wallet and questionable ethics.

What Does It Do?
In short: far too much.
ZeroDayRAT reportedly targets both Android and iOS devices, allowing attackers to:
• Track a victim’s real-time location
• Record calls and ambient audio
• Access the camera remotely
• Capture SMS messages and one-time passcodes
• Log keystrokes
• Steal login credentials

In other words, if it’s happening on your phone, this tool likely wants a copy.

Spyware-as-a-Service

Perhaps the most concerning aspect isn’t the technical capability — it’s the accessibility. ZeroDayRAT is marketed via Telegram channels and includes a web-based control panel, making it easy for buyers to deploy and monitor victims.
That means individuals with minimal technical knowledge could carry out serious privacy violations.

How It Spreads
While exact distribution methods vary, tools like this are commonly spread via:
• Malicious apps disguised as legitimate software
• Phishing messages containing infected links
• Social engineering tactics convincing users to install “updates”
Once installed, the spyware runs quietly in the background, often avoiding detection.

What You Can Do
• Install apps only from official stores
• Keep devices updated
• Avoid sideloading apps
• Be cautious with unsolicited messages
• Use mobile security software where appropriate

Mobile devices hold the keys to our banking, email, work documents and private lives. Tools like ZeroDayRAT remind us that smartphones are no longer just phones — they’re high-value targets.