A new malware family called ZeroDayRAT bundles spyware, surveillance, and info-stealing capabilities for mass-market criminals, according to mobile security vendor iVerify, and comes with access to a developer-backed panel for sales, support and updates. The campaign distributes malicious binaries (Android APKs or iOS payloads) and relies on social engineering, including SMiShing, where a text link leads to a download, alongside phishing emails, fake app stores and messages on WhatsApp or Telegram.
Once on a device, ZeroDayRAT can enumerate accounts, capture SIM and location data, preview recent SMS messages and more, enabling credential theft and targeted social engineering. It also features a keylogger, microphone, screen recorder, and crypto and bank stealers, effectively bypassing MFA in real time.
Kelley of iVerify describes ZeroDayRAT as “textbook stalkerware,” noting that its capabilities can threaten journalists, activists and domestic abuse victims, while enterprises with lax BYOD policies are at risk too. The price point for full access is about $2,000, indicating a commoditised but still high-end product aimed at a broader criminal market, not just script kiddies.