Gnarly new Android spyware could let attackers track your location, steal banking info
Published: (February 10, 2026 at 02:52 PM EST)
2 min read
Source: Android Authority
Source: Android Authority
TL;DR
- A newly described malware toolkit provides attackers deep access to device and personal information.
- The spyware is being distributed through Telegram and requires Android targets to install a malicious APK.
- Android devices running versions 5 through 16 can be affected.
Overview
ZeroDayRAT is a spyware toolkit being distributed through Telegram, allowing deep access to targeted Android devices without requiring advanced technical knowledge. A report published by mobile‑research company iVerify details the threat.
Distribution
- The toolkit is sold via Telegram channels, with activity observed since last week.
- It consists of a malicious APK that, once installed, connects to a remote dashboard.
- Although the primary distribution channel is Telegram, the kit can be used by any actor who obtains it.
Capabilities
Once the APK is installed, the attacker gains access to:
- Device details: model, OS version, phone number, SIM information, etc.
- List of installed applications and a log of incoming notifications.
- Real‑time location tracking.
- Account information for all accounts registered on the device.
- SMS messages, including one‑time‑passcodes (OTPs).
- Live camera and microphone feeds.
- Real‑time screen capture/streaming.
- Keylogging for banking credentials.
- Clipboard manipulation, enabling redirection of cryptocurrency transfers.
Impact
The level of access provided by ZeroDayRAT means that sensitive personal and financial data can be harvested and exfiltrated. The report notes that such sophisticated malware previously required nation‑state resources, highlighting the seriousness of the threat. While this article focuses on Android, newer iOS versions are also reportedly affected.
Mitigation
- Avoid installing apps from unknown sources. Only download applications from the Google Play Store or other trusted repositories.
- Be cautious with links received from untrusted sources, especially on messaging platforms like Telegram.
- Follow general Android security best practices, such as those outlined in the Android Security Checklist.