Cybersecurity experts at Certo Software have discovered a new Android spyware called RadzaRat. This malware is a Remote Access Trojan (RAT) that gives criminals full remote control over a device, and alarmingly, it is currently completely undetectable to all major anti-virus programs. This important finding was shared with Hackread.com, highlighting a serious new risk for users.
The File Manager Disguise
According to Certo Software’s blog post, RadzaRat is hidden within an application that appears to be a normal file manager, a tool used to handle photos and documents. Once installed, it grants criminals extensive access, allowing them to browse and download files with advertised support for transfers up to 10 gigabytes, and even track everything you type, a feature known as keylogging.
Keylogging, as we know it, can steal sensitive details like passwords and credit card numbers. This capability is clearly demonstrated in the image shared by Certo Software researchers, which shows the malware operating and logging keystrokes via Telegram.
Zero-Detection and Low Cost
A key concern is its distribution; the malware’s installation file was openly available online, which means anyone could download and use it. Furthermore, a test against 66 security vendors on VirusTotal showed a shocking 0/66 detection rate, proving it bypasses all current protection. This window of invisibility is a huge advantage for criminals.
Co-founder of Certo Software, Simon Lewis, highlighted RadzaRat’s severity, stating: “What makes RadzaRat particularly dangerous is the combination of complete security vendor evasion and its public availability.”
“The APK installer file is openly accessible, meaning anyone can download and deploy their own version. We’re essentially watching a malware threat being distributed through the same platforms used for legitimate software development,” Lewis added.
RadzaRat Spyware for Sale
The malware is actively sold on underground forums by a developer named ‘Heron44’ and requires minimal resources to run, relying only on free services like a Render.com server and a Telegram bot.
This zero-cost setup means anyone with minimal skill can deploy it. The program, first made public on November 8, 2025, also uses aggressive methods to stop Android from closing it and ensures it restarts automatically every time the device reboots.
The emergence of RadzaRat goes on to show why users, especially those on Android devices, must be extra careful about what apps they download, as it can be a gateway for hackers to steal private and financial information.