Alert: 2026 Zero‑Click Spyware Targets iPhone 17 and Android 16
A hacker known as xone9to1 posted a so‑called “Zero‑click RAT” on a dark‑web forum that can silently infect iPhone 17 (iOS 26.2) and Android 16, offering real‑time camera and microphone access, wallet theft, and remote control capabilities, while experts debate its authenticity and advise urgent security updates.
Recently, a hacker using the alias xone9to1 advertised on a well‑known cybercrime forum a top‑tier remote‑access trojan marketed as a “Zero‑click RAT”. The product claims to break the iOS/Android barrier and specifically target the newest devices: iPhone 17 running iOS 26.2 and Android 16.
The advertised capabilities include:
No‑install: victims do not need to click any APK or IPA package.
Silent intrusion: attackers can hijack the phone through system vulnerabilities such as WebKit or kernel bugs.
Full‑system compatibility: supports Android 5 through Android 16 and the cutting‑edge iOS 26.2.
According to the leak, once a device is infected the phone becomes a “mobile eavesdropper” with features such as:
Real‑time monitoring: forced activation of front and rear cameras, live screenshots, and microphone listening.
Asset theft: built‑in modules to steal from MetaMask, Binance, Apple Pay and other payment platforms.
Social‑app full visibility: monitoring of WhatsApp, Telegram and direct reading of SMS verification codes (OTP).
Remote control: ability to lock the phone, adjust brightness and ringtone, or enlist the device in a botnet for DDoS attacks.
Security experts note that while the hacker supplied a proof‑of‑concept video, the claim should be examined rationally. Genuine zero‑click exploits command millions of dollars on the black market; if xone9to1 is merely selling the tool publicly, its authenticity remains uncertain and it could be a scam targeting low‑skill attackers.
The timing aligns with newly disclosed WebKit vulnerabilities in iOS 26.2 (e.g., CVE‑2025‑43529) and the possible integration of high‑level exploit chains such as “DarkSword”.
Mitigation recommendations include:
Force upgrades: verify that the latest security patches are installed (e.g., iOS 26.3 fixes several known issues).
Enable Lockdown Mode: Apple users handling high‑value data should turn on Lockdown Mode to block most zero‑click attack vectors.
Beware of rogue base stations and suspicious messages: avoid unknown Wi‑Fi networks and treat unsolicited MMS or system notifications with heightened caution.
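For teams managing more than a handful of phones, the first two recommendations can be checked against an MDM inventory export. The script below is an added example, not part of the original article: the CSV column names and sample rows are constructed, the iOS baseline of 26.3 comes from the recommendation above, and the Android baseline is left unset because the article does not give one.

```python
import csv
import io

# Baseline from the article: iOS 26.3 carries the fixes. The article gives no
# Android baseline, so that value is left for the operator to set (assumption).
MIN_OS = {"ios": (26, 3), "android": None}

# Constructed sample of an MDM inventory export (hypothetical column names).
SAMPLE_INVENTORY = """device,platform,os_version,lockdown_mode,high_value
ceo-iphone,ios,26.2,off,yes
fin-iphone,ios,26.3,off,yes
dev-iphone,ios,26.10,off,no
lab-iphone,ios,26.2.1,on,no
kiosk-01,ios,unknown,off,no
field-pixel,android,16,n/a,no
"""

def parse_version(text):
    """Return a tuple of ints, or None when the field is not a dotted number."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def audit(csv_text, min_os=MIN_OS):
    """Return (device, finding) pairs for every device that needs attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        platform = row["platform"].strip().lower()
        version = parse_version(row["os_version"])
        baseline = min_os.get(platform)
        if version is None:
            findings.append((row["device"], "os version unreadable, check manually"))
        elif baseline is None:
            findings.append((row["device"], "no baseline configured for " + platform))
        elif version < baseline:
            # Tuple comparison, so 26.10 ranks above 26.3 (string compare would not).
            wanted = ".".join(map(str, baseline))
            findings.append((row["device"], "below " + wanted + ", update required"))
        # Lockdown Mode is an Apple feature; the article advises it for high-value users.
        if platform == "ios" and row["high_value"] == "yes" and row["lockdown_mode"] != "on":
            findings.append((row["device"], "high-value user without Lockdown Mode"))
    return findings

if __name__ == "__main__":
    for device, finding in audit(SAMPLE_INVENTORY):
        print(f"{device}: {finding}")
```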
In conclusion, the 2026 spring security storm underscores that when elite espionage techniques become commoditized, no system can claim absolute safety, and every user may find themselves exposed.
Black & White Path
