New BTMOB Malware Lets Attackers Remotely Control Android Devices
ID: 40cbcf45-035e-5066-9613-456fc9f849af
STIX ID: report--40cbcf45-035e-5066-9613-456fc9f849af
Feed Name: cybersecurityNews.com
*Executive summary:* BTMOB is a commoditized Android remote-access trojan (evolving from SpySolr) marketed as malware-as-a-service, with a no-code APK builder and phishing campaign support. It abuses Android Accessibility Services to gain persistent, full-device control (screen viewing, overlays, credential harvesting, file exfiltration) and is distributed via fake app stores and localized lures. It has active variants and observable IOCs (IP addresses, SHA256 hashes and vendor detections) that defenders should block and monitor for.
