BTMOB Android RAT Spreads Through No-Code Builder Tooling

ESET researchers observed BTMOB, an Android RAT sold as a commercial MaaS that includes an APK builder allowing quick creation of custom payloads without coding. Operators distribute via phishing sites and fake app stores across Brazil and other countries, abuse Android Accessibility Services to escalate privileges, and use the RAT for broad data exfiltration and remote device control; the service’s low-cost licensing and rapid variant turnover increase scale and containment difficulty.