
Mishaal Rahman / Android Authority
TL;DR
- A newly described malware toolkit provides attackers deep access to device and personal information.
- The spyware is being distributed through Telegram and requires Android targets to install a malicious APK.
- Android devices running versions 5 through 16 can be affected.
There’s a nasty new spyware worry on Android. ZeroDayRAT is a spyware toolkit being distributed through Telegram, allowing deep access to targeted devices without much technical knowledge required.
A report published today by mobile research company iVerify breaks down the ZeroDayRAT threat. According to the report, the exploit is being sold through Telegram, seemingly since last week. It gives bad actors access to a wide variety of sensitive information, and can be leveraged against target devices running Android, from version 5.0 Lollipop all the way to today’s Android 16.
The ZeroDayRAT toolkit for Android comprises a malicious APK that infects devices and a dashboard that provides deep insight into the data on those infected devices. Once the APK has been installed, the dashboard provides access to device information including model, operating system, phone number, SIM info, and more. It can also reveal which apps are installed on the device, as well as a log of all incoming notifications.
Even more alarmingly, ZeroDayRAT allows bad actors to track targets’ locations in real time; view info for all accounts registered on target devices; and read SMS messages, including OTP codes. The kit allows attackers real-time access to live camera and microphone feeds, and even a live-streamed view of what a user is doing on their screen at any given time.
The access afforded to attackers by ZeroDayRAT means that user banking info can be scooped up with keylogging. The malware is also capable of injecting its own information into device clipboards, a capability that can be used to reroute cryptocurrency transfers from their intended targets to wallets owned by attackers.
This is clearly a pretty serious threat; the report notes that malware this sophisticated “used to require nation-state investment.” While we’re focusing on the Android impact here, the latest versions of iOS are also affected.
ZeroDayRAT is currently being distributed over Telegram, but even if the channels providing access to the kit are taken down, individual bad actors who’ve acquired the tools will still be able to launch attacks.
Access requires the installation of a specific APK on your device, so as always, be on guard any time you’re clicking links from untrusted sources or installing apps from anywhere other than the Play Store.