ZeroDayRAT: New Spyware Sold on Telegram Targets iPhones & Androids

by Sophie Williams

A new mobile spyware platform called ZeroDayRAT is lowering the barrier to entry for attackers, offering comprehensive remote control of infected smartphones through readily available sales channels on Telegram. The discovery comes as Apple recently issued emergency updates to address actively exploited security vulnerabilities.

Spyware Available as a Turnkey Solution

According to security researchers at iVerify, ZeroDayRAT is distributed via dedicated Telegram channels, complete with customer support and regular updates. The platform requires minimal technical expertise from those seeking to deploy it. Attackers gain full control through a simple web panel, enabling them to track a device’s real-time location, listen through the microphone, access the camera, and steal messages and contacts.

Infection typically occurs through social engineering tactics, where users click on manipulated links or download disguised malicious apps. Once installed, the spyware operates discreetly and is even capable of intercepting banking data and passwords.

Apple’s Emergency Update Addresses Zero-Day Vulnerability

Independently of the ZeroDayRAT emergence, Apple recently released iOS 26.3, patching several vulnerabilities including the critical flaw CVE-2026-20700. This vulnerability affected the Dynamic Link Editor (dyld), a core system component. Apple confirmed the vulnerability had been exploited in attacks targeting older iOS versions.

Zero-day vulnerabilities are particularly concerning as they are exploited by hackers before the vendor has a chance to develop a fix. This underscores the importance of swift software updates, which often terminate ongoing malicious processes within a device’s memory. The speed of patching highlights the ongoing arms race between security researchers and threat actors.

Lockdown Mode Offers Enhanced Protection for High-Risk Users

For individuals facing heightened risk, such as journalists or activists, Apple offers an extreme protection option: Lockdown Mode. Available since iOS 16, this mode significantly restricts iPhone functionality to minimize the attack surface.

When activated, Lockdown Mode blocks most message attachments, disables complex web technologies, and prevents FaceTime calls from unknown numbers. While usage becomes less convenient, the mode defends against even zero-click exploits – attacks that function without any user interaction.

Why is the Spyware Threat Increasing?

Platforms like ZeroDayRAT are democratizing surveillance tools. What was once the domain of state-sponsored actors or specialized firms like the NSO Group is now commercially available. Simultaneously, attack methods are becoming more sophisticated. Zero-click exploits leverage vulnerabilities in apps like iMessage, which automatically process messages in the background.

Vigilance remains crucial for users. The fundamental rules are to install updates promptly, use strong passcodes, and exercise caution with unexpected links. While absolute security is unattainable, these measures significantly reduce risk.
