ZeroDayRAT Mobile Spyware Enables Total Surveillance of iOS

Complete Mobile Compromise Toolkit

Security researchers have disclosed a new mobile spyware platform called ZeroDayRAT that provides nation-state-grade surveillance capabilities to a broader range of threat actors. The platform supports Android 5 through 16 and iOS up to version 26, making it one of the most comprehensive mobile compromise toolkits ever documented.

Capabilities

Surveillance Features

Capability	Description
Live Camera	Real-time streaming from front and rear cameras
Screen Recording	Continuous screen capture with minimal battery impact
Microphone	Live audio feed and ambient recording
GPS Tracking	Real-time location tracking with geofencing
Keylogging	Full keystroke capture including passwords
SMS Interception	Read all SMS including OTPs to defeat 2FA

Financial Targeting

Cryptocurrency wallets: MetaMask, Trust Wallet, Binance, Coinbase
Mobile payments: Apple Pay, Google Pay, PayPal
Banking apps: Session hijacking and credential theft

Distribution Method

ZeroDayRAT is distributed primarily via smishing (SMS phishing) campaigns. Victims receive messages impersonating:

Delivery notifications
Bank security alerts
Software update prompts
Government services

Why This Matters

Researchers describe ZeroDayRAT as "a complete mobile compromise toolkit comparable to kits previously requiring nation-state resources." The commoditization of such advanced spyware capabilities raises serious concerns about:

Targeted surveillance of journalists, activists, and dissidents
Financial theft via cryptocurrency and payment platform hijacking
Corporate espionage through real-time device monitoring
2FA bypass rendering common security measures ineffective

Protective Measures

Keep devices fully updated — apply all OS patches immediately
Never click links in unexpected SMS messages
Use hardware security keys instead of SMS-based 2FA
Install apps only from official stores (App Store, Google Play)
Enable lockdown mode on iOS for high-risk individuals
Monitor for unusual battery drain or data usage spikes

The emergence of ZeroDayRAT underscores the growing accessibility of advanced surveillance tools and the critical need for mobile security awareness.

Complete Mobile Compromise Toolkit

Capabilities

Surveillance Features

Capability	Description
Live Camera	Real-time streaming from front and rear cameras
Screen Recording	Continuous screen capture with minimal battery impact
Microphone	Live audio feed and ambient recording
GPS Tracking	Real-time location tracking with geofencing
Keylogging	Full keystroke capture including passwords
SMS Interception	Read all SMS including OTPs to defeat 2FA

Financial Targeting

Cryptocurrency wallets: MetaMask, Trust Wallet, Binance, Coinbase
Mobile payments: Apple Pay, Google Pay, PayPal
Banking apps: Session hijacking and credential theft

Distribution Method

ZeroDayRAT is distributed primarily via smishing (SMS phishing) campaigns. Victims receive messages impersonating:

Delivery notifications
Bank security alerts
Software update prompts
Government services

Why This Matters

Targeted surveillance of journalists, activists, and dissidents
Financial theft via cryptocurrency and payment platform hijacking
Corporate espionage through real-time device monitoring
2FA bypass rendering common security measures ineffective

Protective Measures

Keep devices fully updated — apply all OS patches immediately
Never click links in unexpected SMS messages
Use hardware security keys instead of SMS-based 2FA
Install apps only from official stores (App Store, Google Play)
Enable lockdown mode on iOS for high-risk individuals
Monitor for unusual battery drain or data usage spikes

The emergence of ZeroDayRAT underscores the growing accessibility of advanced surveillance tools and the critical need for mobile security awareness.

ZeroDayRAT Mobile Spyware Enables Total Surveillance of iOS

Complete Mobile Compromise Toolkit

Capabilities

Surveillance Features

Financial Targeting

Distribution Method

Why This Matters

Protective Measures

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

'NoVoice' Android Malware on Google Play Infected 2.3 Million Devices

ZeroDayRAT Mobile Spyware Enables Total Surveillance of iOS

Complete Mobile Compromise Toolkit

Capabilities

Surveillance Features

Financial Targeting

Distribution Method

Why This Matters

Protective Measures

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

'NoVoice' Android Malware on Google Play Infected 2.3 Million Devices

Complete Mobile Compromise Toolkit

Capabilities

Surveillance Features

Financial Targeting

Distribution Method

Why This Matters

Protective Measures

Related Reading

Complete Mobile Compromise Toolkit

Capabilities

Surveillance Features

Financial Targeting

Distribution Method

Why This Matters

Protective Measures

Related Reading