ZeroDayRAT Spyware Lets Hackers Hijack Your Android or iPhone Like a Remote Control

đŸ“±đŸ‘€ Someone could be watching through your camera right now. ZeroDayRAT, a zero-day vulnerability, gives hackers full remote control access to Android and iPhone devices, including camera, mic, keystrokes, crypto, 2FA codes, and everything. And it’s being sold on Telegram.

By Farzan Hussain
-
Updated on February 10, 2026 EDT
-
Fact checked by Steven
ZeroDayRAT spyware targeting Android and iOS
  • ZeroDayRAT is being sold to cybercriminals on Telegram, offering complete remote control over Android and iOS devices
  • It can remotely activate your front and back cameras and microphone, log every keystroke, steal your crypto, and hijack your 2FA codes in real time
  • Spyware works on Android 5 through Android 16 and the latest iOS 26, which means nearly every phone is a potential target
  • Researchers warn that a single infected employee device could trigger a full company-wide breach

Someone could be watching through your camera right now. You just don’t know it yet.

That’s not paranoia. That’s ZeroDayRAT. A commercial, buy-it-on-Telegram spyware toolkit that gives criminals complete remote control over your Android or iOS device.

Not partial access. Not limited surveillance. Complete control without you even knowing.

Researchers at mobile threat-hunting company iVerify have discovered malware and say it doesn’t just steal your data, it enables real-time surveillance and financial theft.

This isn’t some teenager’s hobby project. This is a polished, professionally built cyberweapon being sold to anyone with a Telegram account and a credit card.

The ZeroDayRAT Has Some Shocking Features

The ZeroDayRAT operator dashboard displays the model, OS version, battery status, SIM details, country, and lock state for each infected device.

Your phone isn’t a device to these people. It’s a product they manage.

Here’s what they can do once they get access to your phone:

  • Steal your identity: The malware logs app usage, activity timelines, SMS messages, and every registered account on your device, including email addresses and usernames, potentially enabling them to break into everything you own.
  • Watch you live: Attackers can activate your front and rear cameras and microphone for live feeds, or record your screen to expose secrets in real time.
  • Bypass your 2FA: ZeroDayRAT captures incoming one-time authentication codes as soon as they arrive in your inbox. That security layer protecting your bank account? Gone.
  • Log every keystroke: The keylogging module captures passwords, gestures, and screen unlock patterns. Everything you type. Every swipe. Every PIN entry. Nothing is private.
  • Steal your crypto: A cryptocurrency stealer scans for MetaMask, Trust Wallet, Binance, and Coinbase, logs wallet IDs and balances, and even attempts to replace copied wallet addresses with attacker-controlled ones.

You think you’re sending crypto to your own wallet. However, you will actually be funding your attacker.

This is not a bug. This is a spyware product. Feature-rich, powerful, actively maintained, and sold with customer support.

It Targets Every Phone You Own

ZeroDayRAT supports Android versions 5 through 16 and iOS up to the latest release, i.e., iOS 26. That’s essentially every smartphone made in the last decade.

Android 5 was launched back in 2014, and the newest devices run Android 16 in 2026. On the other hand, the latest iPhone 17 is running iOS 26. ZeroDayRAT doesn’t care about your update history or how up-to-date your phone is.

Whether it is an old phone or a new phone. Whether it is an Android or an iPhone. All of these devices are vulnerable.

Here’s what makes ZeroDayRAT uniquely terrifying: it’s not deployed by governments or elite hacker groups with million-dollar budgets. It’s easily available on Telegram to anyone. And you don’t need any technical skills to use it.

The Corporate Nightmare Nobody’s Talking About

iVerify researchers warn that one compromised employee device could trigger a full enterprise breach. Think about that for a second.

One sales representative’s infected phone. One executive’s compromised device with VPN credentials was saved. One developer clicked a suspicious link.

ZeroDayRAT doesn’t just steal personal photos. It scans for corporate credentials, intercepts business communications, captures VPN login patterns, and silently steals documents from work apps.

The scariest corporate attack isn’t a sophisticated nation-state targeting your company’s servers. It’s an employee’s personal phone that got infected after downloading a cracked game from an unofficial app store over the weekend.

How You Actually Get Infected

Infection typically happens through:

  • Malicious links sent via SMS or messaging apps
  • Fake app downloads pretending to be real software
  • Compromised third-party app stores
  • Phishing emails with dangerous attachments

Once installed, ZeroDayRAT establishes a permanent connection to the attacker’s servers. It’s not a smash-and-grab. It’s a permanent resident in your pocket.

The truly terrifying part? ZeroDayRAT exploits zero-day vulnerabilities. These are security flaws that haven’t been discovered or patched yet. Traditional security tools may not detect or prevent its installation.

You can’t patch what nobody knows about yet.

Even The 2FA Won’t Protect Your Accounts and Profiles

Every security professional has spent years telling people to enable SMS-based two-factor authentication as the foundation of account security.

ZeroDayRAT makes that advice completely useless.

When the attacker controls the device receiving the one-time password, there is no secure second factor. Your 2FA code arrives on your phone via SMS. ZeroDayRAT reads it first, and the attacker can log in before you even see the notification.

That feeling of security you had? Gone.

The Verdict

ZeroDayRAT isn’t a warning about what could happen someday. It’s proof of what is happening right now.

The commercial spyware industry has evolved from selling government-level tools at million-dollar price points to selling Telegram subscriptions that any motivated criminal can afford. The technology once used to track journalists and political dissidents is now available to stalkers, corporate spies, fraud rings, and anyone with a grudge and a crypto wallet.

For an individual, this means complete exposure of their private life and devastating financial loss. For a company, it’s a breach waiting to be discovered, and in most cases, months after the damage is already done.

Your phone knows everything about you. And right now, someone is selling the tools to read every single one of those secrets.

More From BestForAndroid
OPPO Just Solved Foldables’ Biggest Problem with a Crease-Free Display OPPO Just Solved Foldables’ Biggest Problem with a Crease-Free Display Apple Just Made Leaving iPhone Easy, iOS 26.3 Brings ‘Transfer to Android’ Apple Just Made Leaving iPhone Easy, iOS 26.3 Brings ‘Transfer to Android’ Google to Officially Offer AirDrop Support on Android Devices via Quick Share Google to Officially Offer AirDrop Support on Android Devices via Quick Share You Can Now Remove YouTube Shorts from Your Feed You Can Now Remove YouTube Shorts from Your Feed Deleted Signal Encrypted Messages Recovered from iPhone, Raises Privacy Concerns Deleted Signal Encrypted Messages Recovered from iPhone, Raises Privacy Concerns Anker 45W Nano Fast Charger with Smart Display Now Available for $27.99 Anker 45W Nano Fast Charger with Smart Display Now Available for $27.99 This One Feature Just Made Me Trust the Google Play Store Again This One Feature Just Made Me Trust the Google Play Store Again A Robot That Puts Your Towel into Washing Machine, Unloads Dishwasher, and Makes Breakfast A Robot That Puts Your Towel into Washing Machine, Unloads Dishwasher, and Makes Breakfast Samsung’s S26 Ultra Horizon Lock Makes A $200 Gimbal Completely Useless Samsung’s S26 Ultra Horizon Lock Makes A $200 Gimbal Completely Useless The S26 Ultra’s ‘Privacy Display’ Is Designed For Your Spicy Screen Time and Samsung Knows It The S26 Ultra’s ‘Privacy Display’ Is Designed For Your Spicy Screen Time and Samsung Knows It YouTube Blocked a Free Workaround Just to Charge You $8 for It a Month Later YouTube Blocked a Free Workaround Just to Charge You $8 for It a Month Later Huawei Pura X Max Unveiled, Shows The Foldable Future Apple Hasn’t Built Yet Huawei Pura X Max Unveiled, Shows The Foldable Future Apple Hasn’t Built Yet