The BTMOB remote access trojan (RAT) poses a significant threat to Android users, primarily because of its data theft and device takeover capabilities. ESET describes BTMOB as derived from SpySolr malware and distributed via phishing attacks that entice users with familiar services. Its developers provide a customizable APK builder that lets attackers create tailored phishing lures without coding knowledge.
BTMOB can gain excessive privileges through Android Accessibility Services, and can exfiltrate sensitive data, capture screenshots, and take remote control of devices. The malware is evolving rapidly, with multiple variants observed. It predominantly affects Latin America but poses risks globally.