Researchers studying cybersecurity have revealed information about ZeroDayRAT, a new mobile spyware platform that is being promoted on Telegram as a means of obtaining private information and enabling real-time monitoring on iOS and Android smartphones This article explores zerodayrat malware. . According to Daniel Kelley, security researcher at iVerify, "the developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a fully operational spyware panel."

"The platform includes direct financial theft and real-time surveillance in addition to standard data collection." Versions of iOS up to 26 and Android 5 through 16 are supported by ZeroDayRAT. The malware is thought to be spread through phony app marketplaces or social engineering.

Buyers are given a builder and an online panel to install on their own server, which are used to create the malicious binaries. The commercial spyware platform's news comes as a number of mobile malware and scam campaigns have surfaced in recent weeks. Group-IB reported last month that it has seen an increase in NFC-enabled Android tap-to-pay malware, the majority of which is promoted within Chinese cybercrime communities on Telegram.

Ghost Tap is another name for the NFC-based relay method. The cybersecurity firm with its headquarters in Singapore reported that between November 2024 and August 2025, "at least $355,000 in illegitimate transactions have been recorded from one POS vendor alone."

"Mules all over the world use mobile wallets loaded with compromised cards to make purchases in another observed scenario." TX-NFC, X-NFC, and NFU Pay are the three main suppliers of Android NFC relay apps, according to Group-IB. Since starting operations in early January 2025, TX-NFC has accumulated over 25,000 Telegram subscribers.

On the messaging platform, X-NFC and NFU Pay have over 5,000 and 600 subscribers, respectively.