BTMOB RAT Gives Criminals a Point-and-Click Kit to Take Over Your Android Phone
BTMOB sells Android full-device takeover as a kit, no coding needed. It steals data, records screens, and hands attackers remote control for $5,000 lifetime. Most Android malware requires at least some technical competence to deploy, but the BTMOB doesn’t. The developers sell it with a built-in APK builder that lets buyers generate new malicious apps, […]
Most Android malware requires at least some technical competence to deploy, but the BTMOB doesn’t. The developers sell it with a built-in APK builder that lets buyers generate new malicious apps, swap phishing lures, and target different countries without writing a single line of code. That’s the part worth paying attention to.
ESET researcher Daniel Cunha Barbosa flagged BTMOB while reviewing threat detections in Brazil. It’s been around since at least early 2025, evolving from an older piece of malware called SpySolr, and it’s been picked up fast. The Android malware BTMOB is a full takeover.
Related breach coverage
- New BTMOB Android Malware Enables Full Device Takeover2026-05-28
Delivered via phishing lures, the malware combines financial theft with data exfiltration and remote access. The post New BTMOB Android Malware Enables Full Device Takeover appeared first on SecurityWeek.
- The Zero-Knowledge Threat Actor and the End of Responsible Disclosure2026-06-02
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. The post The Zero-Knowledge Threat Actor and the End of Responsible Disclosure appeared first on SecurityWeek.
- Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning2026-05-25
A zero-click attack targeting iPhones on iOS 16 hijacked WhatsApp accounts without linked devices, warnings, or user interaction. There is a particular kind of security incident that is harder to explain than most: your WhatsApp account is sending messages you did not write, asking your contacts for money transfers, and when you check the “Linked […]
- ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains2026-05-23
The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic. The post ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains appeared first on SecurityWeek.