NewsBeat
Android & iOS users warned of malware stealing bank details
The new malware is called ZeroDayRAT and it combines “real-time surveillance with direct financial theft within a single browser panel”.
“ZeroDayRAT is a toolkit that goes beyond classic data theft, aiming to compromise the target’s digital and physical life,” Cyberthint explains.
“Attackers purchase this service via Telegram and attempt to install an APK (Android) or Payload (iOS) onto the victim’s device.”
ZeroDayRAT – Mobile Espionage and Financial Theft Platform
As the Cyberthint research team, we analyzed a new mobile threat called ZeroDayRAT, which is being marketed in the Telegram underworld and claims to target both Android and iOS devices with a 1-click attack.
🔍 Key… pic.twitter.com/YlpA7VYTnU
— Cyberthint (@cyberthint) February 17, 2026
How the ZeroDayRAT malware works
The most common way Android and iOS devices are infected with the ZeroDayRAT malware is via Smishing (SMS Phishing) attacks, according to Cyberthint.
The cyber threat experts continue: “Victims are sent fake links that appear to be from legitimate applications or updates.”
Once the victim clicks on this fake link, the malware is installed, and it allows hackers access to:
- Device model, battery status, carrier information
- Most frequently used apps and activity timeline
- Call and SMS history
- Cameras and microphone
- Live location
The software is also designed for financial gain, giving hackers the ability to infiltrate banking and payment systems. It allows:
- Crypto Wallet stealing – it scans wallet applications like MetaMask, Trust Wallet, Binance, and Coinbase. Using Clipboard Injection techniques, the attacker replaces the user’s wallet address with their own, redirecting transfers to themselves.
- Access to banking and payment systems – it steals login credentials by performing Overlay attacks on Apple Pay, Google Pay, PayPal, and local payment systems.
- OTP bypassing – it captures one-time passwords from banks in real-time via SMS access.
How to avoid contracting malware on your Android or iOS device
To avoid contracting ZeroDayRAT or other malware on your device, the experts at Cyberthint have shared some helpful tips:
- Never click on links in SMS messages, WhatsApp messages, or emails from unknown numbers.
- Use authenticator apps or hardware keys instead of SMS-based two-factor authentication for increased account security.
- Check your device regularly for anomalies such as sudden increases in battery drain, excessive data usage, or screens turning on spontaneously (all could be signs of spyware).
Have you been targeted by ZeroDayRAT or other malware? Let us know in the poll above or in the comments below.