Feb 11, 2026
This Spyware Gives Hackers Full Control of Your Phone—And It Costs Less Than Your Monthly Plan
ZeroDayRAT is a commercial spyware platform sold on Telegram that turns any Android or iPhone into a surveillance device. It reads your messages, watches through your camera, and drains your crypto wallet.
Spyware for Sale on Telegram
A new commercial spyware platform called ZeroDayRAT appeared on Telegram in early February 2026, offering full remote control over Android and iOS devices. According to researchers at iVerify, the toolkit provides capabilities that previously required nation-state investment or bespoke exploit development.
The spyware is advertised in five languages: Portuguese, Russian, Chinese, Spanish, and English. It supports Android versions 5 through 16 and iOS up to version 26, covering virtually every smartphone in active use today.
What ZeroDayRAT Can Do
Once installed on a target device, ZeroDayRAT provides a comprehensive surveillance dashboard that displays the device model, OS version, battery status, SIM card details, geographic location, app usage logs, and complete SMS message history.
The active surveillance capabilities are even more alarming:
- Camera and microphone access: Live feeds from front and rear cameras plus audio monitoring
- Screen recording: Captures everything the victim does on their device
- Keystroke logging: Records passwords, gestures, and unlock patterns
- SMS interception: Captures one-time passwords to bypass two-factor authentication
- Push notification capture: Reads every notification from every app
Built to Steal Money
ZeroDayRAT includes specialized financial theft modules. A cryptocurrency stealer scans for MetaMask, Trust Wallet, Binance, and Coinbase apps, logs wallet IDs and balances, and attempts clipboard address injection, a technique where the spyware silently replaces a copied wallet address with one controlled by the attacker.
Banking modules target online banking apps and payment platforms, including Google Pay, PhonePe, Apple Pay, and PayPal, using fake screen overlays that capture login credentials.
Why This Is Different From Pegasus
Commercial spyware like NSO Group's Pegasus has made headlines for targeting journalists and activists. But Pegasus is sold exclusively to governments at costs reaching millions of dollars per deployment. ZeroDayRAT represents a fundamentally different threat: commodity spyware available to anyone with a Telegram account and a few hundred dollars.
Every operator runs their own instance. There is no central server for authorities to locate and shut down. If the Telegram sales channel gets taken down, the developers can create a new one in minutes. This decentralized model makes ZeroDayRAT nearly impossible to eradicate.
Who Is at Risk
While anyone can be targeted, certain groups face elevated risk. Journalists investigating sensitive stories, activists working in repressive environments, and executives handling confidential business information are high-value targets for spyware operators.
The accessibility of ZeroDayRAT also opens the door to domestic abuse scenarios, corporate espionage, and stalking. Unlike state-sponsored spyware that targets specific individuals, commodity tools like this enable mass surveillance by anyone willing to pay.
How to Protect Yourself
Security experts recommend several measures to reduce your risk:
- Download apps exclusively from official stores and only from reputable publishers
- Enable Lockdown Mode on iOS, which restricts attack surfaces by disabling certain features
- Activate Advanced Protection on Android for additional security layers
- Switch from SMS-based two-factor authentication to app-based authenticators or hardware keys
- Keep your operating system updated to patch known vulnerabilities
- Be suspicious of unsolicited links in text messages, emails, and messaging apps
Spyware like ZeroDayRAT often arrives through phishing messages. The same vigilance that protects you from email tracking, where invisible pixels reveal your location and reading habits to senders, applies to mobile threats. Stay skeptical of anything that asks you to click, install, or verify.