What happened
Security researchers have identified a new mobile spyware platform called ZeroDayRAT that is being openly marketed on Telegram, offering attackers full remote access to compromised Android and iOS devices, enabling data theft and real-time surveillance.
Who is affected
Any Android device running Android 5 through Android 16 and any iOS device up to iOS 26 (including current models) can be taken over once the spyware is installed. The version ranges describe where the implant runs, not a platform vulnerability: as reported, delivery relies on the victim installing it, via smishing, phishing emails, fake app marketplaces, or other social engineering.
Why CISOs should care
ZeroDayRAT marks a significant shift in the mobile threat landscape: it combines deep device compromise, broad data exfiltration, and commercial availability, which lowers the barrier for attackers targeting enterprise and employee devices. The operator dashboard exposes location, messages, notifications, app usage, and account details, so a compromised employee phone puts corporate data at risk, along with the identities bound to that phone (SMS and push notifications are where one-time codes arrive) and financial assets.
3 practical actions
- Strengthen mobile security policy: enforce mobile device management (MDM) on every device that touches corporate data, block sideloading and installs from unknown sources, and allow app installs only from the official Google Play and Apple App Store or an enterprise-managed catalog.
- Train users: teach employees to recognise the smishing, phishing, and social-engineering lures that deliver this spyware, and give them an easy way to report a suspicious message or app prompt.
- Monitor and respond to anomalies: deploy mobile threat detection (MTD) on managed devices and investigate unusual behaviour, such as unexpected permission or access requests (accessibility, notification access, SMS, location), abnormally high outbound data volumes, and location patterns that do not fit the user.
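The three anomaly classes in the last action, plus the unvetted-install rule from the first, are easy to express as triage heuristics. The script below is an added example, not code from the advisory or from the ZeroDayRAT research; it runs over constructed MDM/MTD-style records, and the field names, the Android permission names used to approximate "unexpected access requests", the thresholds, and the sample devices are all assumptions rather than any vendor's schema.

```python
"""Triage of mobile-device telemetry for the behaviours the advisory lists:
untrusted installs, surveillance permission bundles, egress spikes, impossible travel.
Added example over constructed records; field names and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
from statistics import median

TRUSTED_SOURCES = {"play_store", "app_store"}
# Permissions an implant needs to feed a dashboard showing messages, notifications,
# location and app usage. Assumed Android permission names for illustration.
SURVEILLANCE_PERMS = {"READ_SMS", "BIND_NOTIFICATION_LISTENER_SERVICE",
                      "ACCESS_FINE_LOCATION", "BIND_ACCESSIBILITY_SERVICE",
                      "PACKAGE_USAGE_STATS"}
MIN_SURVEILLANCE_PERMS = 3        # an app holding this many of the above is suspect
EGRESS_SPIKE_FACTOR = 4.0         # a day's egress >= 4x the device's median egress
MIN_EGRESS_DAYS = 3               # need some baseline before calling a spike
MAX_PLAUSIBLE_SPEED_KMH = 900.0   # faster than this between fixes is impossible travel
EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def check_installs(installs):
    """Flag apps from untrusted sources and apps holding a surveillance permission bundle."""
    findings = []
    for inst in installs:
        if inst["source"] not in TRUSTED_SOURCES:
            findings.append((inst["device_id"], "untrusted_install",
                             f'{inst["package"]} from {inst["source"]}'))
        held = SURVEILLANCE_PERMS & set(inst["permissions"])
        if len(held) >= MIN_SURVEILLANCE_PERMS:
            findings.append((inst["device_id"], "surveillance_permissions",
                             f'{inst["package"]} holds {sorted(held)}'))
    return findings


def check_egress(daily_reports):
    """Flag days whose outbound volume is far above the device's own median."""
    by_device = defaultdict(list)
    for r in daily_reports:
        by_device[r["device_id"]].append(r)
    findings = []
    for dev, reports in by_device.items():
        if len(reports) < MIN_EGRESS_DAYS:
            continue  # too little history to judge a spike
        baseline = max(median(r["bytes_out"] for r in reports), 1)  # no /0 on idle devices
        for r in reports:
            if r["bytes_out"] >= EGRESS_SPIKE_FACTOR * baseline:
                findings.append((dev, "egress_spike",
                                 f'{r["day"]}: {r["bytes_out"]} B vs median {baseline} B'))
    return findings


def check_locations(fixes):
    """Flag consecutive location fixes that imply a physically impossible speed."""
    by_device = defaultdict(list)
    for f in fixes:
        by_device[f["device_id"]].append(f)
    findings = []
    for dev, pts in by_device.items():
        pts.sort(key=lambda f: f["ts"])
        for a, b in zip(pts, pts[1:]):
            hours = (b["ts"] - a["ts"]).total_seconds() / 3600
            if hours <= 0:
                continue  # duplicate timestamp, speed undefined
            speed = haversine_km(a["lat"], a["lon"], b["lat"], b["lon"]) / hours
            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                findings.append((dev, "impossible_travel", f"{speed:.0f} km/h between fixes"))
    return findings


def triage(installs, daily_reports, fixes):
    """Group every finding by device so an analyst sees the whole picture at once."""
    per_device = defaultdict(list)
    all_findings = check_installs(installs) + check_egress(daily_reports) + check_locations(fixes)
    for dev, kind, detail in all_findings:
        per_device[dev].append({"kind": kind, "detail": detail})
    return dict(per_device)


def _ts(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed sample: D1 is a clean device, D2 shows the implant pattern.
SAMPLE_INSTALLS = [
    {"device_id": "D1", "package": "com.example.mail", "source": "play_store",
     "permissions": {"INTERNET", "READ_CONTACTS"}},
    {"device_id": "D2", "package": "com.fake.systemupdate", "source": "sideload",
     "permissions": {"READ_SMS", "BIND_NOTIFICATION_LISTENER_SERVICE",
                     "ACCESS_FINE_LOCATION", "BIND_ACCESSIBILITY_SERVICE"}},
]
SAMPLE_REPORTS = (
    [{"device_id": "D1", "day": f"2025-01-0{i}", "bytes_out": b}
     for i, b in enumerate([40_000_000, 42_000_000, 41_000_000, 43_000_000, 45_000_000], 1)]
    + [{"device_id": "D2", "day": f"2025-01-0{i}", "bytes_out": b}
       for i, b in enumerate([50_000_000, 55_000_000, 48_000_000, 52_000_000, 310_000_000], 1)]
)
SAMPLE_FIXES = [
    {"device_id": "D1", "ts": _ts("2025-01-05T10:00"), "lat": 52.520, "lon": 13.405},  # Berlin
    {"device_id": "D1", "ts": _ts("2025-01-05T11:00"), "lat": 52.391, "lon": 13.064},  # Potsdam
    {"device_id": "D2", "ts": _ts("2025-01-05T10:00"), "lat": 52.520, "lon": 13.405},  # Berlin
    {"device_id": "D2", "ts": _ts("2025-01-05T11:00"), "lat": 6.524, "lon": 3.379},    # Lagos, 1h later
]

if __name__ == "__main__":
    for dev, findings in triage(SAMPLE_INSTALLS, SAMPLE_REPORTS, SAMPLE_FIXES).items():
        for f in findings:
            print(f"{dev} {f['kind']}: {f['detail']}")
```

Each check is deliberately per-device relative (median egress, the device's own previous fix) rather than a fleet-wide absolute, because a sales phone and a developer phone have very different normal profiles; the permission-bundle check is what turns a single "unexpected access request" into a signal worth paging on, since a legitimate app rarely needs SMS, notification access, accessibility and fine location at once.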
