Threat Intelligence, Malware

Android, iOS device compromise threatened by new ZeroDayRAT spyware

SecurityWeek reports that novel commercial spyware toolkit ZeroDayRAT could be leveraged to enable total remote compromise of both Android and iOS devices.

Installation of ZeroDayRAT, which has been distributed on Telegram since Feb. 2, enables not only victim and device profiling, location tracking, and app usage monitoring but also live camera streaming and microphone and screen recording, an analysis from iVerify showed. In addition to a keylogger that captures gestures and biometric unlocks, ZeroDayRAT features a cryptocurrency stealer that enables continuous clipboard injections and a bank stealer that targets banking credentials. Disrupting ZeroDayRAT was regarded as a significant challenge because its creator is difficult to identify and it lacks a central server.

"Every operator runs their own instance, so you're playing whack-a-mole against individual infrastructures. The Telegram sales channel is the most visible chokepoint, but Telegram takedowns are slow, and even if it happens, the developers just spin up a new channel," said iVerify research fellow Daniel Kelley.
