Find notable cyber news and cases, enriched with sources, timelines, and signals.

ZeroDayRAT mobile spyware targeting Android and iOS

Malware Activity
First reported
Last updated
Happening score
H score 26
2 unique sources, 2 articles

Summary

Hide ▲

ZeroDayRAT is a newly documented mobile spyware operation targeting Android and iOS devices, creating broad risk for persistent surveillance and financial abuse. It can expose communications, precise location data, and banking activity once a victim installs the malicious payload. The tool’s access to a web dashboard and theft modules makes credential theft, account takeover, and data exfiltration more likely after infection.

Related Happenings

RedWing Android spyware rented through Telegram

Malware Activity
H score21 First: 08.07.2026 18:30 Last: 08.07.2026 18:30 Sources 1

About this happening: The **RedWing** Android spyware operation is being rented through **Telegram**, lowering the barrier for criminals to hijack phones and steal **banking credentials**. The malware...

MacOS.Gaslight Rust infostealer-backdoor with Telegram Bot API channel

Malware Activity
H score30 First: 24.06.2026 17:00 Last: 24.06.2026 17:00 Sources 1

About this happening: Researchers identified **macOS.Gaslight**, a **North Korea-linked** **Rust** infostealer-backdoor that can steal **Chrome, Brave, Firefox and Safari** data, terminal histories, in...

Rokarolla Android banking trojan activity

Malware Activity
H score26 First: 16.06.2026 16:15 Last: 16.06.2026 16:15 Sources 1

About this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...

BTMOB Android RAT no-code builder malware activity

Malware Activity
H score28 First: 26.05.2026 17:00 Last: 26.05.2026 17:00 Sources 1

About this happening: **BTMOB** is an **Android RAT** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a **no-code APK builder** that generates customized...

Latest development: 29.05.2026 00:10

BTMOB is openly advertised on the clearweb and in private Telegram channels as a malware-as-a-service (MaaS) platform with an APK builder that customizes phishing payloads without coding. The Android RAT targets users mainly in Brazil and Latin America, uses phishing sites masquerading as streaming services, cryptocurrency mining platforms, and Google Play portals, and custom lures have included an Argentinian government agency theme.

AI-driven attack surge against customer-facing mobile apps in 2026

Trend
H score43 First: 19.05.2026 15:00 Last: 19.05.2026 15:00 Sources 1

About this happening: **Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...

Timeline

  1. 10.02.2026 16:00 2 articles · 4mo ago

    ZeroDayRAT documented targeting Android and iOS

    Initial Disclosure

    ZeroDayRAT is a mobile spyware operation targeting Android and iOS devices, installed when a victim is persuaded to install a malicious Android APK or iOS payload, often through smishing, phishing emails, counterfeit app stores, or links shared through WhatsApp or Telegram; once deployed, it provides persistent access to communications, precise location data, banking activity, camera, microphone, keystrokes, and a web-based dashboard, and it includes crypto-stealing and banking-stealing modules aimed at PhonePe, Google Pay, Apple Pay and PayPal.

    Show sources