APT / THREAT GROUP

BTMOB RAT

2 aliases
Last seen: Mar 17, 2026

Intelligence Profile

According to Cyble, this is an advanced Android malware evolved from SpySolr that features remote control, credential theft, and data exfiltration. It spreads via phishing sites impersonating streaming services like iNat TV and fake mining platforms. The malware abuses Android’s Accessibility Service to unlock devices, log keystrokes, and automate credential theft through injections. It uses WebSocket-based C&C communication for real-time command execution and data theft. BTMOB RAT supports various malicious actions, including live screen sharing, file management, audio recording, and web injections.

Threat Analysis

BTMOB RAT is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

apk.btmob, BTMOB RAT

External Intelligence

Malpedia: apk.btmob


Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.