New Spyware Can Track Everything You Do On Both Android And iPhone

The world of malware is always expanding as bad actors come up with new ways to try to swindle people out of their money and data. However, one of the newest threats out there, a spyware platform called ZeroDayRAT, is certainly one of the most terrifying that has been seen in recent years. It is so terrifying because, once a device is infected, the bad actors connected to that device get unfettered access to everything, from camera livestreams to microphone access, and even a full breakdown of all the notifications and text messages that phone has received.

And this malware isn’t just locked to one platform. It can infect both iOS and Android devices. Of course, this isn’t the first terrifying mobile malware that has been seen, which is partly why Google is looking at changing how sideloading apps on Android works, and why Apple doesn’t want iPhone users installing apps outside the App Store. The best way to avoid this is to stay vigilant and not click on links from untrusted sources or install apps outside of the App Store or Google Play Store.

While other malware exists on Android and iOS, one of the most troubling facts about ZeroDayRAT is that it doesn’t require any technical expertise to use, yet it gives those who use it extensive access to the devices they infect. Further, iVerify reports that it is being sold openly on platforms like Telegram.

A full device overview

One of the most horrifying things about ZeroDayRAT is the fact that it gives the attacker so much access to information in one place. According to the platform’s breakdown, infected devices begin to transmit almost all of their data to the backend. This means that the attackers can see a full breakdown of all the notifications coming through, a fully searchable inbox for text messages, and even information such as the device model, the OS it is running, and the current battery and lock status.

The dashboard also provides the malware runners with information through a live activity timeline, which is visible directly on the first screen of the platform’s dashboard. Reports indicate that this is more than enough information to profile the owner of the infected device, as it lists who they have been talking to, what their most used apps are, and what network they are most active on. It also reveals any intercepted messages from the banking services installed on the device, as well as personal contact details.

This isn’t all there is, though, as the dashboard also gives the bad actor full access to the device’s GPS location, including an embedded Google Maps viewer with extensive location history information. Apps like WhatsApp also get their own tabs, allowing the attacker to quickly look through any notifications that have come from those applications.

Moving beyond passive data gathering

iVerify also notes that the bad actors can take a more active approach to how they collect data through keylogging and live surveillance. This allows the malware owner to actually connect to your device’s media systems and watch live video from the front or back camera, the screen recorder, as well as listen to audio from the microphone. The embedded keylogger also captures every input, including context — like what app was opened, how long it took, and even what keystrokes and gestures were used to access those applications. The attacker can literally see everything that is happening on the device as it happens.

As if that wasn’t enough, this malware is also equipped with a full suite of banking and cryptocurrency theft tools. One allows the attacker to target online banking apps such as Apple Pay and PayPal, while another works to scan and redirect outgoing transfers to the attacker’s wallet through clipboard address injection systems. There don’t appear to be any options that let the bad actors control your device, but there is still plenty of bad on display here.

The report from iVerify suggests that this malware platform is a “complete mobile compromise toolkit.” And that statement isn’t wrong. If your device were to become infected with this malware, then it could literally track everything you do on your Android or iPhone, and it can target up to the latest versions of both operating systems, including the iPhone 17.

February 12th, 2026 | Categories: Apple, iPhone, News