Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
BTMOB Android Malware Threatens Full Device Control

BTMOB Android Malware Threatens Full Device Control

Posted on May 28, 2026 By CWS

BTMOB, a remote access trojan (RAT), is increasingly jeopardizing Android users by enabling unauthorized data access and full device control, cybersecurity firm ESET cautions. This malware, thought to originate from SpySolr, spreads through phishing schemes that use enticing topics like streaming services and cryptocurrency mining.

Distribution and Customization

The creators of BTMOB offer it with an APK builder, allowing cybercriminals to customize phishing tactics and generate targeted malware without needing coding skills. Purchasers can modify the software to mimic trusted brands or agencies, enhancing its deceptive capabilities in different regions, according to ESET.

Promotion of BTMOB occurs through a public web page linked to a Telegram channel, with additional advertising via social media platforms like X and Instagram. A lifetime license for the malware costs $5,000, with ongoing support available for a monthly fee. In an unusual occurrence, files associated with BTMOB were briefly made available for free on a dark web forum earlier this year.

Advanced Threat Techniques

Cybercriminals using BTMOB employ phishing emails directing targets to seemingly legitimate sites, which then redirect to counterfeit app stores distributing the malicious APK. Once installed, BTMOB seeks extensive permissions, exploiting Android’s Accessibility Services to gain elevated privileges without user consent.

Unlike traditional banking trojans that primarily target financial data, BTMOB offers attackers a broader array of functions, such as exfiltrating sensitive information, capturing screen activity, and even taking full control of the device remotely, ESET explains.

Global Impact and Evolution

Though BTMOB has been predominantly detected in Latin American cyberattacks, its potential impact is not confined to this region. ESET highlights the malware’s rapid evolution, noting frequent emergence of new versions, while certain aspects of its infrastructure remain constant.

This ongoing mutation poses a significant challenge for security professionals aiming to protect users worldwide from this sophisticated threat. As malicious actors continue to refine their methods, staying informed and vigilant remains crucial for safeguarding digital security.

Related: Critical Remote Code Execution Vulnerability Patched in Android

Related: Mirax RAT Targeting Android Users in Europe

Related: PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence

Related: New Keenadu Android Malware Found on Thousands of Devices

Security Week News Tags:accessibility services, Android malware, APK builder, BTMOB, Cybersecurity, dark web, device takeover, ESET, Latin America, malware variants, phishing attacks, remote access trojan, SpySolr, Telegram

Post navigation

Previous Post: Hackers Exploit Networks for JavaScript Malware
Next Post: Critical Gitea Vulnerability Risks Private Container Images

Related Posts

France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry Security Week News
State-Sponsored Hackers Stole SonicWall Cloud Backups in Recent Attack State-Sponsored Hackers Stole SonicWall Cloud Backups in Recent Attack Security Week News
HPE AOS-CX Flaw Allows Admin Password Resets HPE AOS-CX Flaw Allows Admin Password Resets Security Week News
Mazda Says No Data Leakage or Operational Impact From Oracle Hack Mazda Says No Data Leakage or Operational Impact From Oracle Hack Security Week News
Surf AI Secures M for Innovative Security Operations Surf AI Secures $57M for Innovative Security Operations Security Week News
Meta Unveils New Anti-Scam Tools Amid Global Crackdown Meta Unveils New Anti-Scam Tools Amid Global Crackdown Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark