
ZeroDayRAT: The Rising Threat of Mobile Spyware and Payment Fraud


Cybersecurity researchers have recently uncovered a new mobile spyware platform called ZeroDayRAT, now being openly marketed on Telegram. The malware is sold as a tool for infiltrating both Android and iOS devices, giving buyers remote access to sensitive data, real-time surveillance of the victim, and a path to financial theft.


What Makes ZeroDayRAT Dangerous?

  • Cross-platform reach: Advertised by its sellers as supporting Android 5 through 16 and iOS up to version 26.
  • Surveillance toolkit: Tracks GPS location, records keystrokes, streams live camera and microphone feeds, and monitors app usage.
  • Account harvesting: Collects login details from Google, WhatsApp, Instagram, Facebook, Telegram, Amazon, and more.
  • Financial theft: Includes a crypto wallet stealer (MetaMask, Binance, Coinbase) and a banking module targeting Apple Pay, Google Pay, PayPal, and India’s PhonePe.
  • Distribution method: Spread through social engineering and fake app marketplaces; the victim is talked into installing it, so no exploit of the device is required.

As one researcher noted, “A single buyer gets full access to a target’s location, messages, finances, camera, microphone, and keystrokes from a browser tab.” This highlights how commercial spyware has lowered the barrier for cybercrime.


Other Active Mobile Malware Campaigns

ZeroDayRAT is part of a growing wave of mobile malware campaigns worldwide:

  • Arsink RAT – Uses Google Apps Script and Firebase for data theft, spread via Telegram and Discord.
  • Anatsa banking trojan – Hidden inside a Google Play app with 50,000+ downloads.
  • deVixor – Targets Iranian users with phishing sites and includes ransomware capabilities.
  • ShadowRemit – Fake remittance apps bypassing regulated money transfer corridors.
  • Triada trojan – Distributed via phishing pages disguised as Chrome updates.
  • GhostChat spyware – Romance scam app in Pakistan linked to WhatsApp hijacking.
  • Phantom click fraud trojan – Uses TensorFlow.js to automate ad clicks.
  • NFCShare malware – Steals NFC card data via phishing campaigns.

The Growing Risk of NFC Tap‑to‑Pay Fraud

Beyond spyware, NFC payment scams are becoming a major concern. Group-IB reports over $355,000 in fraudulent transactions between late 2024 and mid-2025. Malware families like TX-NFC, X-NFC, and NFU Pay are advertised in cybercrime communities. The victim is tricked into installing the app and tapping a physical card on the infected smartphone; the app reads the card over NFC and relays the exchange in real time to a mule device, which presents itself as the card at a payment terminal anywhere in the world. Because the genuine card answers every command the terminal sends, the terminal has no reason to reject the transaction.
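To make the mechanism concrete, here is an added Python model of the relay described above. It is example code written for this page, not the code of TX-NFC, X-NFC, NFU Pay or any other real malware. The card is a toy that answers two constructed commands (no real EMV data), the two phones are two threads joined by a loopback TCP socket, and the terminal's command list is made up for the demonstration. What it shows is the property that makes relay fraud work: the terminal receives byte-identical responses whether the card is tapped on it directly or relayed from the victim's phone, so only the added round-trip latency is left to detect.

```python
import socket
import struct
import threading
import time

SW_OK = b"\x90\x00"                 # ISO 7816 "success" status word
SW_RECORD_NOT_FOUND = b"\x6a\x83"
SW_INS_NOT_SUPPORTED = b"\x6d\x00"


class ToyCard:
    """Stand-in for the victim's physical contactless card. It answers a
    two-command subset (SELECT, READ RECORD); the data is constructed for
    this example and is not real EMV card content."""
    def __init__(self):
        self.records = {1: b"PAN-REDACTED-4242", 2: b"EXP-12/29"}

    def process(self, apdu: bytes) -> bytes:
        ins = apdu[1]
        if ins == 0xA4:                      # SELECT by name, Lc at byte 4
            lc = apdu[4]
            return b"FCI:" + apdu[5:5 + lc] + SW_OK
        if ins == 0xB2:                      # READ RECORD, P1 = record number
            rec = self.records.get(apdu[2])
            return rec + SW_OK if rec else SW_RECORD_NOT_FOUND
        return SW_INS_NOT_SUPPORTED


# Length-prefixed framing so each APDU survives the TCP stream intact.
def send_frame(sock, data: bytes) -> None:
    sock.sendall(struct.pack("!H", len(data)) + data)

def recv_frame(sock):
    hdr = _recv_exact(sock, 2)
    return None if hdr is None else _recv_exact(sock, struct.unpack("!H", hdr)[0])

def _recv_exact(sock, n: int):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf


def victim_phone_relay(card: ToyCard, listener: socket.socket) -> None:
    """Infected-phone side: the malicious app holds the NFC permission, the
    victim has been talked into tapping the card, and every APDU arriving
    from the mule is forwarded to the card with the answer sent straight back."""
    conn, _ = listener.accept()
    with conn:
        while (apdu := recv_frame(conn)) is not None:
            send_frame(conn, card.process(apdu))


class MuleEmulatedCard:
    """Mule-phone side, in host-card-emulation mode at a real terminal: it
    holds no card data of its own and simply proxies the terminal's APDUs."""
    def __init__(self, victim_addr):
        self.sock = socket.create_connection(victim_addr)

    def transceive(self, apdu: bytes) -> bytes:
        send_frame(self.sock, apdu)
        return recv_frame(self.sock)

    def close(self):
        self.sock.close()


# Constructed terminal command sequence (Lc bytes match the data lengths).
TERMINAL_SCRIPT = [
    bytes.fromhex("00A404000E") + b"2PAY.SYS.DDF01",   # SELECT PPSE
    bytes.fromhex("00B2010C00"),                        # READ RECORD 1
    bytes.fromhex("00B2020C00"),                        # READ RECORD 2
]

def run_terminal(transceive):
    """Returns the responses and the slowest command round-trip. Responses
    are identical with or without a relay; latency is all the terminal sees."""
    responses, worst_rtt = [], 0.0
    for apdu in TERMINAL_SCRIPT:
        t0 = time.perf_counter()
        responses.append(transceive(apdu))
        worst_rtt = max(worst_rtt, time.perf_counter() - t0)
    return responses, worst_rtt


def demo():
    card = ToyCard()
    direct, _ = run_terminal(card.process)         # card tapped on the terminal itself
    listener = socket.socket()                     # loopback stands in for the internet
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    t = threading.Thread(target=victim_phone_relay, args=(card, listener), daemon=True)
    t.start()
    mule = MuleEmulatedCard(listener.getsockname())
    relayed, rtt = run_terminal(mule.transceive)   # "card" tapped on the mule phone
    mule.close()
    t.join(timeout=5)
    listener.close()
    return direct, relayed, rtt


if __name__ == "__main__":
    direct, relayed, rtt = demo()
    print("terminal sees identical data:", direct == relayed)
    print(f"slowest relayed round-trip: {rtt * 1000:.2f} ms")
```

The defensive reading is that the card itself cannot tell it is being relayed and the terminal cannot tell it is talking to a mule; the realistic controls are the ones in the checklist further down (NFC off, never tapping a card on a phone at someone's request) plus issuer-side timing checks on the contactless exchange.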

How to Protect Yourself Against Mobile Spyware and NFC Fraud

With threats like ZeroDayRAT and NFC relay malware on the rise, both individuals and organizations need to adopt proactive mobile security strategies. Here are practical steps:

1. Avoid Third‑Party App Stores

  • Download apps only from Google Play or the Apple App Store, and do not sideload APKs or install configuration profiles sent to you over chat or SMS.
  • Official stores are not a guarantee (the Anatsa trojan above shipped in a Google Play app with 50,000+ downloads), but fake marketplaces and phishing sites are where most spyware is distributed, so check the developer name, review history and install count before installing anything.

2. Verify App Permissions

  • Be cautious of apps requesting accessibility services, camera, microphone, location, SMS, or NFC access. Accessibility services in particular let an app read whatever is on screen and inject input, which is how Android spyware records keystrokes and overlays fake login screens.
  • If an app asks for more permissions than its purpose needs, treat it as a red flag, and review Settings > Accessibility and the per-app permission list on a schedule rather than only at install time.
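The following added Python script, written for this page rather than taken from any product, turns the advice above into a repeatable check for an Android device connected over adb. It parses the output of three real commands (`adb shell pm list packages -i`, `adb shell dumpsys package`, and `adb shell settings get secure enabled_accessibility_services`) and scores each app by the sensitive permissions it actually holds, whether it runs an accessibility service, and whether it was installed from Google Play. The sample output embedded at the bottom is constructed, the package names in it are fictitious, and the permission list and score weights are this example's own choices.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Permissions the spyware and NFC malware above depend on (example's own selection).
SENSITIVE_PERMISSIONS = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "background location",
    "android.permission.READ_SMS": "read SMS (OTP theft)",
    "android.permission.RECEIVE_SMS": "intercept SMS (OTP theft)",
    "android.permission.SYSTEM_ALERT_WINDOW": "screen overlay (fake login screens)",
    "android.permission.NFC": "NFC (read a tapped card)",
}
TRUSTED_INSTALLERS = {"com.android.vending"}   # Google Play
PM_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)")
PKG_HEADER = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_LINE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

@dataclass
class AppFinding:
    package: str
    installer: Optional[str]             # None = sideloaded or unknown installer
    granted: list = field(default_factory=list)
    accessibility: bool = False

    def risk_score(self) -> int:
        # Weights are a judgement call: accessibility = keylogging/overlay capability,
        # non-store installer = no store review at all.
        return (len(self.granted) + (3 if self.accessibility else 0)
                + (2 if self.installer not in TRUSTED_INSTALLERS else 0))

def parse_installers(pm_output: str) -> dict:
    """'adb shell pm list packages -i' -> {package: installer or None}."""
    result = {}
    for line in pm_output.splitlines():
        m = PM_LINE.match(line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def parse_granted(dumpsys_output: str) -> dict:
    """'adb shell dumpsys package' -> {package: [granted sensitive permissions]}."""
    result, current = {}, None
    for line in dumpsys_output.splitlines():
        header = PKG_HEADER.match(line)
        if header:
            current = header.group(1)
            result.setdefault(current, [])
            continue
        perm = PERM_LINE.match(line)
        if perm and current and perm.group(2) == "true" and perm.group(1) in SENSITIVE_PERMISSIONS:
            result[current].append(perm.group(1))
    return result

def parse_accessibility(settings_output: str) -> set:
    """'settings get secure enabled_accessibility_services' (colon-separated
    package/service entries) -> set of packages running an accessibility service."""
    value = settings_output.strip()
    return set() if value in ("", "null") else {e.split("/")[0] for e in value.split(":") if e}

def audit(pm_output: str, dumpsys_output: str, settings_output: str) -> list:
    installers = parse_installers(pm_output)
    granted = parse_granted(dumpsys_output)
    a11y = parse_accessibility(settings_output)
    findings = [AppFinding(pkg, installers.get(pkg), granted.get(pkg, []), pkg in a11y)
                for pkg in set(installers) | set(granted) | a11y]
    return sorted(findings, key=lambda f: (-f.risk_score(), f.package))

def report(findings: list) -> str:
    lines = [f"{f.package}: score={f.risk_score()} installer={f.installer or 'SIDELOADED'} "
             f"accessibility={f.accessibility} [{', '.join(SENSITIVE_PERMISSIONS[p] for p in f.granted)}]"
             for f in findings if f.risk_score() > 0]
    return "\n".join(lines) or "no risky apps found"

# Constructed sample output; fictitious packages, not captured from a real device.
SAMPLE_PM = """\
package:com.android.chrome  installer=com.android.vending
package:com.secure.vault  installer=null
package:com.example.notes  installer=com.android.vending
package:com.google.android.marvin.talkback  installer=com.android.vending
"""
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.secure.vault] (a1b2c3d):
    userId=10234
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.NFC: granted=true
      android.permission.SYSTEM_ALERT_WINDOW: granted=true
    User 0: ceDataInode=0 installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.notes] (e4f5a6b):
    userId=10235
    User 0: ceDataInode=0 installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=false, flags=[ USER_SET ]
"""
SAMPLE_A11Y = ("com.secure.vault/com.secure.vault.svc.KeyCaptureService:"
               "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService")

if __name__ == "__main__":
    print(report(audit(SAMPLE_PM, SAMPLE_DUMPSYS, SAMPLE_A11Y)))
```

Run the three adb commands, save their output, and pass the text to `audit()`. A legitimate accessibility app such as TalkBack also scores, so the output is a triage list to confirm by hand, not a verdict; the pattern to look for is the combination the sample's `com.secure.vault` shows: sideloaded, accessibility enabled, and camera, microphone, location, SMS and NFC all granted at once.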

3. Keep Devices Updated

  • Regularly update your Android or iOS system to patch vulnerabilities.
  • Enable automatic updates for apps and operating systems.

4. Use Mobile Security Tools

  • Install a reputable mobile antivirus or endpoint protection solution.
  • Keep Google Play Protect enabled on Android. On iOS, avoid jailbreaking and do not install enterprise or configuration profiles from unknown sources, since both bypass Apple's App Store review and code-signing checks.

5. Protect Financial Transactions

  • Verify the full destination address on screen before sending cryptocurrency; wallet-stealing spyware can replace a copied address with the attacker's, so never trust a pasted value.
  • Use multi-factor authentication (MFA) for banking and crypto apps, preferably an authenticator app or hardware key rather than SMS codes, which spyware on the same phone can read.
  • Review transactions regularly and turn on push notifications for every payment so an unauthorized purchase is noticed at once.

6. Defend Against NFC Relay Attacks

  • Disable NFC when not in use.
  • Use payment apps that require biometric authentication for each transaction.
  • Treat any request to "tap your card" on a phone, whether from a caller, a text message, or an app, as fraud; no bank needs this to verify a card, and the tap is exactly what relay malware needs to pass the transaction to a mule device.

7. Stay Alert to Phishing & Social Engineering

  • Don’t click on links in WhatsApp, Telegram, or SMS from unknown senders.
  • Verify communications claiming to be from banks, payment apps, or government services.

8. Educate Teams & Employees

  • Organizations should train staff on mobile phishing risks.
  • Implement mobile device management (MDM) policies to enforce security standards.

Why This Matters

The rise of ZeroDayRAT and NFC-enabled fraud shows that mobile devices are now a primary target for cybercriminals. Capabilities that once required a well-resourced attacker are now sold by subscription on Telegram to anyone willing to pay. That shift makes the basics more urgent, not less: install only from official stores, audit permissions and accessibility services, treat any request to tap a card on a phone as fraud, and train staff to recognise mobile phishing.
