New BTMOB Android Malware Enables Full Device Takeover

https://www.securityweek.com/new-btmob-android-malware-enables-full-device-takeover/

Publish Date: 2026-05-28 09:05:04

Source Domain: www.securityweek.com

Summary:

The BTMOB remote access trojan (RAT) poses a severe threat to Android users, according to ESET. The trojan, which originates from the SpySolr malware, is primarily distributed through phishing that leverages familiar themes such as streaming services and cryptocurrency mining. The kit, available for $5,000 plus a monthly support fee, lets threat actors customize phishing lures for various geographical targets without coding knowledge. Delivered through deceptive messages and fake application stores that mimic legitimate repositories, BTMOB seeks excessive device access through Android Accessibility Services. Unlike typical banking trojans, it not only targets financial credentials but can also exfiltrate various sensitive data, capture device activity, and take remote control of the device. Although it is primarily active in Latin America, it presents a significant threat to Android users globally because the malware mutates rapidly, with different iterations observed only months apart.

Key Points:

  • BTMOB is a hazardous remote access Trojan based on SpySolr, mainly disseminated through phishing attacks.
  • Threat actors can buy a malware kit with –