BTMOB RAT: Beware of Fake Streaming and Crypto Mining Apps - #BTMOB
A sophisticated Android malware called BTMOB RAT, evolved from SpySolr, has emerged as a significant threat to mobile users. Discovered in early 2025, this Remote Access Trojan spreads through phishing sites impersonating legitimate services and exploits Android's Accessibility Service to perform various malicious activities. BTMOB RAT's capabilities include remote control, credential theft, data exfiltration, live screen sharing, and audio recording, facilitated by WebSocket-based command and control communication. The malware is actively promoted on Telegram by its creator, offering paid licenses and updates, indicating its persistent and evolving nature. To protect against BTMOB RAT, users are advised to download apps only from official stores, use reputable antivirus software, enable multi-factor authentication, and keep their devices updated.