New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft
Briefly
"The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware panel," Daniel Kelley, security researcher at iVerify, said. "The platform goes beyond typical data collection into real-time surveillance and direct financial theft." ZeroDayRAT is designed to support Android versions 5 through 16 and iOS versions up to 26.
Once the malware infects a device, the operator gets to see all the details, including model, location, operating system, battery status, SIM, carrier details, app usage, notifications, and a preview of recent SMS messages, through a self-hosted panel. This information allows the threat actor to profile the victim and glean more about who they talk to and the apps they use the most.
"One of the more problematic panels is the accounts tab," Kelley added. "Every account registered on the device is enumerated: Google, WhatsApp, Instagram, Facebook, Telegram, Amazon, Flipkart, PhonePe, Paytm, Spotify, and more, each with its associated username or email." Some of the other capabilities of ZeroDayRAT include logging keystrokes, gathering SMS messages -- including one-time passwords (OTPs) to defeat two-factor authentication -- as well as allowing hands-on operations,
ZeroDayRAT is a commercially sold mobile spyware platform advertised on Telegram that targets Android 5–16 and iOS up to 26. The developer supplies a builder and an online control panel that buyers can self-host, supported by dedicated sales and support channels. Distribution methods include social engineering and fake app marketplaces. Infected devices report extensive telemetry such as model, OS, battery, SIM/carrier, installed apps, notifications, SMS previews, and GPS coordinates with history plotted on Google Maps. The panel enumerates registered accounts across many services. Capabilities include keystroke logging, SMS/OTP interception to bypass 2FA, remote hands-on operations, profiling, and tools facilitating direct financial theft.
Read at The Hacker News