87/69 Thursday, February 12, 2026
Researchers from mobile security firm iVerify have discovered a new commercial spyware called “ZeroDayRAT,” which is being advertised for sale on Telegram. The tool is promoted as a platform capable of providing full remote control over victims’ devices. It reportedly supports Android versions 5 through 16 and iOS up to version 26, and includes a dashboard that displays detailed device intelligence such as device model, SIM card information, battery status, registered accounts, and application usage history.
ZeroDayRAT’s capabilities span both passive and active data collection. The spyware can track victims’ real-time location via GPS, remotely activate front and rear cameras, enable microphones for eavesdropping, and record screen activity. It also features a keylogging module that captures user inputs, passwords, and screen unlock patterns. If granted SMS access, the malware can read incoming messages to intercept one-time passwords (OTPs) used to bypass two-factor authentication (2FA), and it can also send SMS messages from the compromised device.
Additionally, ZeroDayRAT includes functionality designed to steal cryptocurrency. It scans for wallet applications such as MetaMask, Trust Wallet, Binance, and Coinbase, and uses clipboard injection techniques to replace a copied wallet address with one controlled by the attacker. The spyware can also deploy overlay screens on top of banking and payment apps-including Google Pay, Apple Pay, and PayPal-to trick users into revealing their credentials. Researchers recommend installing applications only from official app stores, and advise high-risk users to enable Lockdown Mode on iOS or Advanced Protection on Android to enhance security.