ZeroDayRAT Malware Fully Compromises Android and iOS Device Security

A new spyware platform called ZeroDayRAT has emerged, targeting both Android and iOS devices. This malware is marketed on Telegram as a robust tool that gives cybercriminals remote control over infected devices. ZeroDayRAT is compatible with Android versions 5 through 16 and iOS up to version 26.

Capabilities of ZeroDayRAT Malware

According to researchers at iVerify, ZeroDayRAT can perform extensive data theft and enable real-time surveillance. The malware features an advanced dashboard that displays key information about compromised devices, including:

  • Device model
  • Operating system version
  • Battery status
  • SIM details
  • Device lock state
  • Country of operation

Data Logging and Tracking Features

The ZeroDayRAT malware logs app usage and activity timelines and captures SMS message exchanges. It also gives operators further details about the device, including:

  • Received notifications
  • Accounts registered on the device (email/user ID)

If GPS access is granted, the malware can track the victim’s real-time location and provide a history of movements with a Google Maps view.

Active Surveillance Capabilities

Beyond passive data collection, ZeroDayRAT allows for active monitoring. This includes:

  • Activating front and rear cameras for live feeds
  • Accessing the microphone for audio capture
  • Recording the device’s screen

These features enable cybercriminals to gather sensitive information and monitor victims closely.

Financial Theft Mechanisms

ZeroDayRAT adds specialized modules for financial theft. The cryptocurrency stealer component scans for popular wallet apps, including MetaMask, Trust Wallet, Binance, and Coinbase. It logs wallet IDs and attempts to replace wallet addresses copied to the clipboard with addresses controlled by the attacker.

The bank stealer targets online banking applications and payment platforms such as Google Pay, PhonePe, Apple Pay, and PayPal. It often employs fake screens to capture user credentials.
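The clipboard-swap behaviour described above can be spotted from the defender's side by comparing what was copied with what is later pasted. The Python below is an added example, not code from the article or from iVerify's research; the address patterns, the event format and the sample events are all assumptions constructed for illustration.

```python
import re
from typing import List, Optional, Tuple

# Assumed address shapes for the wallet families named in the article:
# EVM-style (MetaMask, Trust Wallet) and Bitcoin legacy/bech32 addresses.
ADDRESS_PATTERNS = {
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "btc": re.compile(r"^(bc1[02-9ac-hj-np-z]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
}

Event = Tuple[str, str]  # ("copy" | "paste", clipboard text)


def address_kind(text: str) -> Optional[str]:
    """Return which address family the text looks like, or None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return kind
    return None


def detect_clipper(events: List[Event]) -> List[Tuple[str, str]]:
    """Flag pastes where a wallet address was copied but a different
    address of the same family came out of the clipboard.
    Returns (copied, pasted) pairs; pastes with no prior copy are ignored."""
    last_copied: Optional[str] = None
    alerts: List[Tuple[str, str]] = []
    for action, value in events:
        if action == "copy":
            last_copied = value
        elif action == "paste" and last_copied is not None:
            kind = address_kind(value)
            if kind and address_kind(last_copied) == kind and value != last_copied:
                alerts.append((last_copied, value))
    return alerts


# Constructed sample values: a user's address and an attacker's substitute.
USER_ETH = "0x" + "a" * 40
SWAPPED_ETH = "0x" + "b" * 40
SAMPLE_EVENTS: List[Event] = [
    ("copy", USER_ETH), ("paste", USER_ETH),      # benign round trip
    ("copy", "meeting at 10"), ("paste", "meeting at 10"),
    ("copy", USER_ETH), ("paste", SWAPPED_ETH),   # address silently replaced
]

if __name__ == "__main__":
    for copied, pasted in detect_clipper(SAMPLE_EVENTS):
        print(f"ALERT: copied {copied} but pasted {pasted}")
```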

Delivery and Recommendations

iVerify has not disclosed how ZeroDayRAT is delivered to devices, but the researchers emphasize that it serves as a comprehensive mobile compromise toolkit. A single compromised device could lead to significant breaches within an organization and expose individual users to privacy violations and financial losses.

To safeguard against such threats, users should:

  • Download apps exclusively from reputable sources, such as Google Play and the Apple App Store.
  • Enable Lockdown Mode on iOS and Advanced Protection on Android for added security.

As mobile threats evolve, remaining aware and proactive is essential for ensuring device security in today’s digital landscape.