The BTMOB remote access trojan (RAT) is becoming a heightened threat to Android users due to its data theft and device takeover capabilities, ESET warns.
Believed to be based on the SpySolr malware, BTMOB is distributed via phishing attacks leveraging lures such as streaming, cryptocurrency mining, and other familiar services.
Its developers, however, sell it bundled with an APK builder interface, allowing threat actors to tailor lures and create new payloads based on their target geographies, without writing code.
“Once someone purchases the malicious kit, they can adapt its features, including the phishing lures so they impersonate the brand or agency most likely to lure victims in any given country,” ESET notes.
The malware is promoted via an open web page linking to a Telegram channel. Social media accounts on X and Instagram are also used to promote the Android malware.