BTMOB: A stealthy RAT burrowing deep into Android devices
ID: 7b24dd30-d4c2-5061-8e2a-39966b3db744
STIX ID: report--7b24dd30-d4c2-5061-8e2a-39966b3db744
Feed Name: WeLiveSecurity (ESET Research)
BTMOB is a commercially available Android RAT that evolved from SpySolr and is distributed via phishing sites and fake app stores; it abuses Android Accessibility Services to gain elevated permissions, enables full device takeover (data exfiltration, screenshots, remote control), and is marketed with an APK builder that lowers the bar for attackers. The report documents active campaigns (Brazil/Argentina), lists IPs and SHA256 indicators, ESET detection names, and provides mitigation guidance.
