BTMOB Android RAT Exploits No-Code Tools for Global Phishing Campaigns
The BTMOB Android remote access trojan (RAT) is spreading through phishing campaigns that use a no-code builder tool to create custom payloads. This malware, first documented in February 2025, goes beyond typical banking trojans by exfiltrating data, capturing screenshots, and allowing remote control of infected devices. BTMOB is sold as malware-as-a-service (MaaS), which enables less-skilled criminals to deploy sophisticated attacks. The trojan is distributed via phishing sites that masquerade as legitimate services and lead victims to download malicious apps.