Overview
- iVerify reports the toolkit targets a wide OS range, from Android 5–16 to iOS 26, covering even current flagship devices.
- A web dashboard surfaces device details, recent messages, app activity, notifications, GPS location history, and registered accounts for rapid profiling.
- Operators can activate cameras and microphones, record screens, log keystrokes, and intercept SMS one‑time codes to bypass SMS‑based two‑factor authentication.
- Dedicated theft modules scan popular crypto wallets for clipboard hijacking and deploy overlays against banking and payment apps including Google Pay, PhonePe, Apple Pay, and PayPal.
- Researchers say infections typically start via smishing, phishing emails, or fake app stores, and recommend installing only from official stores and enabling platform protections to reduce individual and enterprise risk.