ZeroDayRAT is a newly discovered commercial mobile spyware toolkit that gives attackers full control over Android and iOS devices, including live camera access, keylogging, and theft of banking and crypto data. First spotted in February 2026 and analysed by iVerify, it is sold on Telegram and rivals tools usually built by nation-states. Attackers host their own servers and generate malicious apps to infect victims, with the seller providing sales, support and update channels and a user-friendly control panel.
From the panel, operators can fully control devices, track location in real time, and monitor notifications across apps, while also enumerating every service linked to the device, such as Google, WhatsApp and Instagram. The spyware supports live surveillance, including streaming the camera, recording the screen, and capturing the microphone, alongside real-time GPS tracking.
It also includes a built-in keylogger and a crypto stealer component that scans for wallet apps and hijacks clipboard data to replace wallet addresses, plus a banking module using overlays to steal login details. According to the report, ZeroDayRAT represents “the complete mobile compromise toolkit” now offered for sale.