In Bypassing MFA, ZeroDayRAT Is 'Textbook Stalkerware'

Summary

ZeroDayRAT is a stalkerware application that bypasses multi-factor authentication (MFA) by accessing SIM data, location information, and SMS previews. This access allows attackers to perform account takeovers and conduct targeted social engineering attacks. The application is described as "textbook stalkerware" due to its capabilities.

IFF Assessment

FOE

The discovery of stalkerware capable of bypassing MFA and enabling account takeovers is bad news for defenders.

Severity

9.0 Critical (AI Estimated)

Defender Context

Defenders need to be aware of the increasing sophistication of stalkerware and its ability to bypass MFA. Monitoring for unusual application installations and network traffic patterns is crucial. The ability of malware to access SMS data and location information highlights the need for stronger mobile security measures.
