A newly identified spyware toolkit is raising serious concerns for Android users. Known as ZeroDayRAT, this spyware gives attackers extensive control over infected Android devices. Security researchers warn that it can collect personal information, monitor activity, and even access live camera and microphone feeds. The spyware is reportedly being distributed through Telegram, making it easier for cybercriminals to obtain and deploy.

According to a recent report from mobile security firm iVerify, ZeroDayRAT has been circulating since last week. The toolkit is designed to work on a wide range of Android devices, from Android 5.0 Lollipop up to the latest Android 16. This broad compatibility increases the potential risk, as many active devices around the world run versions within that range.

ZeroDayRAT Spyware Targets Android Devices – Here’s What You Need to Know

ZeroDayRAT operates through a malicious APK file. An APK is the installation file format used by Android apps. In this case, the APK contains hidden spyware. Once a user installs the infected file, the attacker gains access to a management dashboard. This dashboard provides detailed information about the compromised device.

Through this system, attackers can view the device model, operating system version, phone number, and SIM card details. They can also see which apps are installed and review logs of incoming notifications. This alone creates serious privacy concerns, as notifications may contain personal messages, verification codes, or financial alerts.

The spyware goes much further. It allows attackers to track a victim’s real-time location. It can read SMS messages, including one-time passwords used for banking or account logins. It can also access account information stored on the device. In some cases, attackers can activate the camera and microphone without the user’s knowledge. The toolkit even supports live screen monitoring, meaning criminals can watch what a user is doing in real time.

Financial theft is a major risk. ZeroDayRAT includes keylogging capabilities, which record what a user types. This can expose banking credentials, passwords, and other sensitive data. The malware can also manipulate clipboard data. For example, if someone copies a cryptocurrency wallet address, the spyware can replace it with an address controlled by the attacker. Funds may then be transferred to the wrong recipient without the user realizing it.

Security experts note that tools with this level of capability were once associated mainly with government-backed cyber operations. The fact that such technology is now available through online channels like Telegram shows how much more accessible advanced cybercrime tools have become.

Although the spyware is currently spread through Telegram, removing those channels will not eliminate the threat. Individuals who have already obtained the toolkit can continue launching attacks independently.

Importantly, the malware requires users to install the malicious APK manually. This means infection typically happens when someone downloads apps or files from untrusted sources. To reduce risk, users should avoid clicking unknown links and only install apps from official platforms like the Google Play Store. Keeping devices updated and reviewing app permissions regularly can also help strengthen security.
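
One way to act on the permission-review advice above is to look for apps installed from outside Google Play that hold permissions matching the capabilities described in this article. The following is an added example, not part of the original report or of iVerify's tooling; it parses constructed sample text in the format printed by `adb shell pm list packages -i -3` and `adb shell dumpsys package <name>`, and the package names and the trusted-installer list are assumptions.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

# Runtime permissions matching capabilities the article attributes to the spyware.
RISKY = {
    "android.permission.READ_SMS": "read SMS / one-time passwords",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.CAMERA": "camera access",
    "android.permission.RECORD_AUDIO": "microphone access",
    "android.permission.ACCESS_FINE_LOCATION": "real-time location",
    "android.permission.READ_PHONE_NUMBERS": "phone number / SIM details",
    "android.permission.GET_ACCOUNTS": "account information",
}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i -3` style output."""
    found = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def granted_permissions(dumpsys_output):
    """Return permissions marked granted=true in `dumpsys package` style output."""
    pattern = r"^\s*(android\.permission\.\w+): granted=true"
    return set(re.findall(pattern, dumpsys_output, re.M))

def audit(pm_output, dumpsys_by_pkg):
    """Return {package: [reasons]} for non-Play installs holding risky permissions."""
    report = {}
    for pkg, installer in parse_installers(pm_output).items():
        if installer in TRUSTED_INSTALLERS:
            continue  # installed through a trusted store
        granted = granted_permissions(dumpsys_by_pkg.get(pkg, ""))
        hits = [RISKY[p] for p in granted if p in RISKY]
        if hits:
            report[pkg] = sorted(hits)
    return report

# Constructed sample data (hypothetical package names, not captured from a device).
SAMPLE_PM = ("package:com.example.notes  installer=com.android.vending\n"
             "package:com.example.sideloaded  installer=null\n"
             "package:com.example.flashlight  installer=com.google.android.packageinstaller\n")
SAMPLE_DUMPSYS = {
    "com.example.notes": "      android.permission.CAMERA: granted=true\n",
    "com.example.sideloaded": ("      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]\n"
                               "      android.permission.RECORD_AUDIO: granted=true\n"
                               "      android.permission.CAMERA: granted=false\n"),
    "com.example.flashlight": "      android.permission.INTERNET: granted=true\n",
}
```

A flagged package is only a candidate for closer inspection; legitimate sideloaded apps can hold the same permissions.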

As spyware becomes more advanced, staying cautious online is more important than ever.