
BTMOB Android malware service generates custom phishing payloads

ID: f451323e-7698-5f54-8142-31de602ec47d

STIX ID: report--f451323e-7698-5f54-8142-31de602ec47d

Feed Name: Bleeping Computer

Threat Score: 70/100

Date Published: 2026-05-28

Date Updated: 2026-05-28

Author: Bill Toulas

...
...

ESET reports that BTMOB is an Android remote access trojan sold as malware-as-a-service. It comes with a user-friendly APK builder for generating custom, localized phishing lures and targets users primarily in Brazil and Latin America. The malware abuses Accessibility Services to gain elevated permissions and provides features for data theft, financial transaction interception, screenshots and remote control. It is actively distributed via fake Google Play and phishing sites.
