New Mobile Spyware “ZeroDayRAT” Enables Remote Access to Devices

A new commercial mobile spyware toolkit called ZeroDayRAT is available on Telegram, enabling full remote access to Android and iOS devices. This kit allows attackers to collect data such as location, app usage, and biometric information without the victim’s knowledge.

Features of ZeroDayRAT include:

– Live camera feeds
– Keylogging and cryptocurrency theft
– Location tracking using GPS coordinates
– App usage monitoring

The toolkit provides a self-hosted panel and builder, allowing operators to generate payloads that phone home to their infrastructure. Distribution methods include phishing links, smishing, and social engineering.

Once installed on the target device, ZeroDayRAT provides capabilities such as:

– Victim profiling
– Device information
– Location tracking
– App usage monitoring
– Live camera streaming

However, the true extent of its features is unclear due to a lack of information. Daniel Kelley from iVerify states that distribution methods include phishing links and smishing.

The toolkit’s use of disinformation makes it difficult to attribute an attack to a specific individual or organization. Additionally, there is no central server for authorities to locate, which makes takedown challenging.

This new spyware kit is a significant threat, and its availability on Telegram raises concerns about mobile security.

Source: https://www.securityweek.com/new-zerodayrat-spyware-kit-enables-total-compromise-of-ios-android-devices