BTMOB Malware Allows Cybercriminals to Remotely Hijack Android Phones
ID: c550b3da-2d37-5133-a4d9-6b6072711143
STIX ID: report--c550b3da-2d37-5133-a4d9-6b6072711143
Feed Name: GBHackers
BTMOB is an Android remote-access trojan identified in early 2025 that gives attackers near-complete control of infected devices (data exfiltration, screenshots, user monitoring and remote control). It is distributed through phishing and fraudulent app stores, abuses Android Accessibility Services for elevated permissions and persistence, and is sold as malware-as-a-service with an APK builder, lowering the barrier for widespread abuse. Researchers have observed region-specific lures and multiple signatures across detection tools. The report includes IP and domain indicators and recommends installing apps only from official stores, avoiding unsolicited links, and deploying mobile security solutions.
