It is widely recognized that mobile devices serve as modern life vaults, containing conversations, credentials, financial records, and fragments of professional strategy behind polished glass screens. But this sense of contained security is increasingly being tested.
A new cross-platform remote access trojan designed to operate across both Android and iOS environments has been discovered by security researchers.
Initial access does not depend on a sophisticated zero-day exploit; the threat instead relies on carefully crafted social engineering lures and sideloaded applications.
Once embedded, it provides continuous, real-time control over compromised devices by capturing screen images, logging keystrokes, and extracting sensitive information and credentials in a systematic manner.
With its modular design and deliberate stealth mechanisms, it blends seamlessly into legitimate system processes, complicating detection efforts for conventional mobile security defenses and emphasizing the increasing threat surface of everyday smartphones and tablets.
Additionally, a thorough analysis indicates that ZeroDayRAT is not a standalone sample of malware, but rather a commercially packaged surveillance platform intended for wide distribution.
A technical report published by iVerify on February 10, 2026 and a follow-up article by The Hacker News on February 16, 2026 indicate that the spyware can be deployed using Telegram-based channels as a ready-to-deploy toolkit.
The system includes a graphical application builder, a web control panel for managing devices, a structured sales and support infrastructure, and regular updates from developers.
This operating model makes advanced mobile compromise accessible to individuals without technical expertise, and it decentralizes command infrastructure: each purchaser operates an independent control panel rather than relying on a shared command-and-control backbone.
Furthermore, ZeroDayRAT does not rely upon exploiting undetected zero-day vulnerabilities within mobile operating systems in order to function.
Rather, its operators employ layered social engineering techniques to obtain initial access.
Early campaigns have exhibited a variety of distribution vectors, including malicious APK download links sent via smishing campaigns, phishing emails that direct recipients to fraudulent portals, cloned app storefronts, and weaponized links distributed through messaging platforms such as WhatsApp and Telegram.
Infection chains typically involve installing malicious configuration profiles or enterprise-signed payloads on iOS devices, while Android users are persuaded to sideload malicious applications. Once the spyware is deployed, it establishes persistent remote access, enabling real-time monitoring, credential harvesting, file extraction, and manipulation of the device.
As of today, this platform is compatible with Android versions 5 through 16 and with iOS versions 26 and older, as well as newly released hardware. This cross-version operability underscores the commercial spyware sector's shift towards scalability and adaptability rather than exploit dependency.
Using spyware-as-a-service models to eliminate centralized infrastructure and reduce the technical
[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents