Cyber: Zerodayrat Malware Grants Full Access To Android, Ios Devices

A new commercial mobile spyware platform dubbed ZeroDayRAT is being advertised to cybercriminals on Telegram as a tool that provides full remote control over compromised Android and iOS devices.

The malware provides buyers with a full-featured panel for managing infected devices, reportedly supporting Android 5 through 16 and iOS up to version 26 latest.

Researchers at mobile threat hunting company iVerify say that ZeroDayRAT not just steals data but also enables real-time surveillance and financial theft.

The dashboard shows compromised devices and information about the model, operating system version, battery status, SIM details, country, and lock state.

The malware can log app usage, activity timelines, SMS message exchanges, and provides an overview to the operator.

Other tracking tabs on the dashboard display all received notifications, and also registered accounts on the infected device, showing email/user ID, potentially enabling brute-forcing and credential stuffing.

If GPS access is secured, the malware can also track the victim in real time and draw their current position on a Google Maps view, with full location history.

Apart from passive data logging, ZeroDayRAT also supports active hands-on operations, such as activating the device’s cameras (front and rear) and microphone to gain access to a live media feed, or recording the victim’s screen to expose other secrets.

Moreover, if the SMS access permission is secured, the malware can capture incoming one-time passwords (OTPs), enabling 2FA bypass, and also send SMS from the victim’s device.

The malware developer also included a keylogging module that can capture user input, like passwords, gestures, or screen unlock patterns.

Source: BleepingComputer