الاثنين 06 يوليو 2026 21:24:37 GMT+02:00

Netcrook

الرئيسيةالبيان
الأخبار
Techcrook
Geocrook
WikicrookالفريقAppاتصال
ArabicEnglishItaliano

AI Security & Agentic Systems

Spyware for Sale: ZeroDayRAT Ushers in a New Era of Mobile Surveillance and Theft

Published: 16 February 2026 13:36Category: AI Security & Agentic SystemsAuthor: LOGICFALCON

A new commercial spyware kit, ZeroDayRAT, turns smartphones into open books-no government-grade skills required.

It starts with a single click-a fake app, a tempting link, or a too-good-to-be-true update. Within moments, ZeroDayRAT, the latest weapon in the cybercriminal arsenal, is burrowing deep into your phone. It doesn’t just harvest your messages or track your movements. It watches, listens, and steals in real time, blending nation-state-level surveillance with streamlined cybercrime. And thanks to thriving Telegram marketplaces, this power is available to anyone with enough cryptocurrency, no coding skills necessary.

The New Face of Mobile Espionage

In the past, hacking a phone to this extent required sophisticated exploits and deep pockets-usually the realm of nation-state actors. ZeroDayRAT changes the game. Its developer offers not only the malware but also a slick online management panel, regular updates, and customer support, all via Telegram channels. Buyers simply generate malicious apps with a click, then deploy them through social engineering, fake app stores, or phishing campaigns.

Once inside a device, ZeroDayRAT gives attackers a panoramic view: model, OS, SIM data, battery status, app usage, contacts, and a live map tracking every move. The “accounts” view is chilling-Google, WhatsApp, Instagram, Amazon, and banking apps all laid bare. Keystroke logging and notification previews let attackers monitor conversations and harvest credentials, while live camera and microphone feeds turn every phone into a bugged surveillance device.

The financial modules are equally aggressive. ZeroDayRAT scans for crypto wallets like MetaMask and Binance, hijacking clipboard transactions to steal funds. A separate bank stealer targets Apple Pay, Google Pay, PayPal, and leading regional payment apps, rerouting money with surgical precision.

This platform isn’t alone. Recent months have seen a surge of mobile malware: RATs using cloud services for command-and-control, banking trojans masquerading as document readers, ransomware modules, and NFC relay attacks siphoning tap-to-pay transactions. Social engineering-from fake browser updates to romance scams-remains a favored delivery route, with some campaigns exploiting verified ad accounts and even video calls to trick victims.

The tools are getting bolder, and the marketplace is booming. One NFC relay tool, TX-NFC, boasts over 25,000 Telegram subscribers, with rivals close behind. Group-IB estimates at least $355,000 in fraudulent NFC transactions from a single vendor in less than a year. The message is clear: the cybercrime-as-a-service model is thriving, and mobile users are the new low-hanging fruit.

Conclusion

ZeroDayRAT is both a warning and a watershed. As turnkey spyware kits go mainstream, the boundary between targeted espionage and mass cybercrime blurs. For users, the risk is no longer theoretical-your phone could be turned against you with a single tap. In this new era, vigilance, skepticism, and up-to-date security are your best defense. But as the underground market grows ever more sophisticated, the next wave of mobile threats is already on the horizon.

WIKICROOK

  • Remote Access Trojan (RAT): A Remote Access Trojan (RAT) is malware that lets attackers secretly control a victim’s computer from anywhere, enabling theft and spying.
  • Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
  • NFC Relay Attack: An NFC relay attack lets criminals trick contactless payment systems by relaying signals from a victim’s device, enabling unauthorized transactions remotely.
  • Clipboard Hijacking: Clipboard hijacking is when malware secretly changes copied data, like wallet addresses, to steal information or redirect funds without your knowledge.
  • Command: A command is an instruction sent to a device or software, often by a C2 server, directing it to perform specific actions, sometimes for malicious purposes.