
The platform lowers the barrier for low‑skill criminals to conduct sophisticated espionage and monetary fraud on mobile devices, expanding the attack surface for enterprises and consumers alike.
The emergence of mobile‑focused RATs as a Malware‑as‑a‑Service offering reflects a broader shift in cybercrime economics. By packaging advanced surveillance tools with financial‑theft modules, providers like ZeroDayRAT enable actors without deep technical expertise to rent turnkey capabilities. This commoditization accelerates the diffusion of sophisticated threats across the Android and iOS ecosystems, challenging traditional security models that have historically prioritized desktop environments. As mobile devices become primary gateways to personal finance and corporate data, the incentive for attackers to exploit them intensifies.
ZeroDayRAT’s technical arsenal combines classic espionage functions—live camera feeds, microphone activation, GPS tracking—with novel financial‑theft techniques such as clipboard injection and overlay attacks on popular payment apps. The integration of OTP interception further erodes two‑factor authentication, a cornerstone of modern security. While some promotional screenshots appear fabricated, the verified capabilities already enable credential harvesting, keylogging, and real‑time exfiltration of crypto wallet addresses, presenting a tangible risk to both individual users and organizations that permit BYOD policies.
Mitigating this evolving threat requires a layered approach. Enterprises should enforce strict mobile device management, restrict installation of unsigned applications, and deploy anti‑smishing awareness training. On the consumer side, users must verify app sources, scrutinize unexpected SMS links, and consider security solutions that monitor anomalous app behavior. As the MaaS market matures, regulators and security vendors are likely to introduce standards for mobile threat intelligence sharing, aiming to curtail the rapid adoption of services like ZeroDayRAT before they become entrenched in the cyber‑crime supply chain.
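As an added illustration (not from the article or any vendor), the sketch below shows how an MDM or app-vetting pipeline could triage a sideloaded app by checking whether its decoded AndroidManifest.xml combines the surveillance and financial-theft enablers described above. The permission-to-capability mapping, the `block`/`review` thresholds, and the sample manifests are assumptions constructed for this example, not published indicators for ZeroDayRAT.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# ASSUMED mapping (not from the article): permissions that would enable each
# capability class the article lists. Clipboard access has no permission gate.
SURVEILLANCE = {
    "camera": {P + "CAMERA"},
    "microphone": {P + "RECORD_AUDIO"},
    "gps": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_BACKGROUND_LOCATION"},
}
FINANCIAL = {
    "otp_interception": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "overlay": {P + "SYSTEM_ALERT_WINDOW"},
    "accessibility": {P + "BIND_ACCESSIBILITY_SERVICE"},
}

def capabilities(manifest_xml):
    """Return the capability classes a decoded AndroidManifest.xml enables."""
    root = ET.fromstring(manifest_xml)
    held = {e.get(NS + "name") for tag in ("uses-permission", "uses-permission-sdk-23")
            for e in root.iter(tag)}
    # Accessibility services are declared on <service android:permission=...>.
    held |= {s.get(NS + "permission") for s in root.iter("service")}
    return {cap for group in (SURVEILLANCE, FINANCIAL)
            for cap, perms in group.items() if perms & held}

def triage(manifest_xml):
    """block: surveillance plus >=2 financial enablers; review: any financial."""
    caps = capabilities(manifest_xml)
    if caps & SURVEILLANCE.keys() and len(caps & FINANCIAL.keys()) >= 2:
        return "block"
    return "review" if caps & FINANCIAL.keys() else "allow"

def manifest(perms, a11y=False):  # builds a constructed sample manifest
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    svc = f'<service android:name=".S" android:permission="{P}BIND_ACCESSIBILITY_SERVICE"/>' if a11y else ""
    return (f'<manifest xmlns:android="{NS[1:-1]}" package="com.example.sample">'
            f'{uses}<application>{svc}</application></manifest>')

SIDELOADED = manifest(["CAMERA", "RECORD_AUDIO", "RECEIVE_SMS", "SYSTEM_ALERT_WINDOW"], a11y=True)
SMS_APP = manifest(["RECEIVE_SMS", "READ_SMS"])
CAMERA_APP = manifest(["CAMERA", "ACCESS_FINE_LOCATION"])

if __name__ == "__main__":
    for name, m in [("sideloaded", SIDELOADED), ("sms", SMS_APP), ("camera", CAMERA_APP)]:
        print(name, triage(m), sorted(capabilities(m)))
```

Permission combinations are a triage signal only; legitimate apps also request them, so a `review` or `block` result should feed an analyst queue or policy decision rather than stand as a verdict.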