{"id":214203,"date":"2026-02-16T05:24:00","date_gmt":"2026-02-16T10:24:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/16\/new-zerodayrat-mobile-spyware-enables-real-time-surveillance-and-data-theft\/"},"modified":"2026-02-16T15:35:08","modified_gmt":"2026-02-16T20:35:08","slug":"new-zerodayrat-mobile-spyware-enables-real-time-surveillance-and-data-theft","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/16\/new-zerodayrat-mobile-spyware-enables-real-time-surveillance-and-data-theft\/","title":{"rendered":"New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/new-zerodayrat-mobile-spyware-enables.html\">New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/new-zerodayrat-mobile-spyware-enables.html\">https:\/\/thehackernews.com\/2026\/02\/new-zerodayrat-mobile-spyware-enables.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-16 05:24:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed <strong>ZeroDayRAT<\/strong> that&#8217;s being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices.<\/p>\n<p>&#8220;The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware panel,&#8221; Daniel Kelley, security researcher at iVerify, said. &#8220;The platform goes beyond typical data collection into real-time surveillance and direct financial theft.&#8221;<\/p>\n<p>ZeroDayRAT is designed to support Android versions 5 through 16 and iOS versions up to 26. It&#8217;s assessed that the malware is distributed via social engineering or fake app marketplaces. The malicious binaries are generated through a builder that&#8217;s provided to buyers along with an online panel that they can set up on their own server.<\/p>\n<p>Once the malware infects a device, the operator gets to see all the details, including model, location, operating system, battery status, SIM, carrier details, app usage, notifications, and a preview of recent SMS messages, through a self-hosted panel. This information allows the threat actor to profile the victim and glean more about who they talk to and the apps they use the most.<\/p>\n<p>The panel also extracts their current GPS coordinates and plots them on Google Maps, along with the history of all locations they have been to over time, effectively turning it into spyware.<\/p>\n<p>&#8220;One of the more problematic panels is the accounts tab,&#8221; Kelley added. &#8220;Every account registered on the device is enumerated: Google, WhatsApp, Instagram, Facebook, Telegram, Amazon, Flipkart, PhonePe, Paytm, Spotify, and more, each with its associated username or email.&#8221;<\/p>\n<p>Some of the other capabilities of ZeroDayRAT include logging keystrokes, gathering SMS messages &#8212; including one-time passwords (OTPs) to defeat two-factor authentication, as well as allowing hands-on operations, such as activating real-time&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/new-zerodayrat-mobile-spyware-enables.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft https:\/\/thehackernews.com\/2026\/02\/new-zerodayrat-mobile-spyware-enables.html Publish Date: 2026-02-16 05:24:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":214204,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgUKaEDCa0YvJa9oAIavVh9Rz9NN1Cj0XVy8fKroTXMBQp7rYGL14oiZ14iCTMk0ToBg1wWx-iTClSpoZ_wg4hSAgPvFyatlGddSFgnaqdREUK24NW6xdnVgajR703vH_UpbjnLC4_NdFy1RC4pETcSTaxekLpAXNfz0n8ME7s9nyIco15DjjTiZwm7Tkhs\/s1600\/android-spyware.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,34],"class_list":["post-214203","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214203"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=214203"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214203\/revisions"}],"predecessor-version":[{"id":214205,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214203\/revisions\/214205"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/214204"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=214203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=214203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=214203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}