Reliance on deception and not exploits: Despite the name, ZeroDayRAT does not depend on undisclosed operating system vulnerabilities to infect devices. Instead, the primary infection vector is social engineering. Victims are persuaded to install a malicious application or configuration profile disguised as legitimate software, often delivered through links shared via SMS, email, or messaging platforms.

While the researchers did not elaborate on the infection chain, on Android this typically involves sideloading an app from outside the official Play Store, sometimes accompanied by prompts to grant extensive permissions. On iOS, installation may rely on enterprise provisioning mechanisms or user-approved profiles that allow the malicious app to run outside the App Store review process.

Because infection depends on user interaction rather than zero-click exploits, preventing unauthorized app installation remains a key control against such threats. “Detecting threats like ZeroDayRAT requires mobile EDR that goes beyond traditional device management,” the researchers said, claiming that iVerify has detection, forensics, and automated response solutions to help users identify a compromise across BYOD and managed fleets.
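One defensive check that follows from the sideloading point above: inventory which installer put each third-party app on an Android device and flag anything not delivered by a trusted store. This is an added example, not code from the article or from iVerify; it parses the line format of `adb shell pm list packages -i -3`, the sample output is constructed, and the package names in it are hypothetical.

```python
# Added example (not from the article or iVerify): triage the output of
# `adb shell pm list packages -i -3` to flag sideloaded third-party apps.
import re
from typing import Dict, List

# Installer packages treated as trusted. The Play Store id is real;
# add OEM store ids for your fleet as needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Real `pm list packages -i` lines look like:
#   package:<name>  installer=<installer pkg or null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")


def parse_pm_output(text: str) -> Dict[str, str]:
    """Map package name -> installer package ('null' when Android has no record)."""
    inventory: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            inventory[m.group("pkg")] = m.group("inst")
    return inventory


def find_sideloaded(inventory: Dict[str, str],
                    trusted: set = TRUSTED_INSTALLERS) -> List[str]:
    """Return packages whose installer is unknown ('null') or not a trusted store.

    'null' covers apps installed via adb or restored without an installer record;
    com.android.packageinstaller means a user manually installed an APK file.
    """
    return sorted(pkg for pkg, inst in inventory.items() if inst not in trusted)


# Constructed sample output; package names are hypothetical.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.banking  installer=com.android.vending
package:com.example.updater  installer=null
package:org.example.sideload  installer=com.android.packageinstaller
"""

if __name__ == "__main__":
    for pkg in find_sideloaded(parse_pm_output(SAMPLE_PM_OUTPUT)):
        print("sideloaded:", pkg)
```

On a managed fleet the same parse can run against the real command output and feed an alert or a block rule; on iOS the analogous check is the list of installed configuration profiles and enterprise-signed apps.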
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4133122/zerodayrat-spyware-targets-android-and-ios-devices-via-commercial-toolkit.html