The DGSS, which falls under the National Defense Administration, has issued a warning note concerning a Trojan horse named BTMOB RAT. This malicious tool specifically targets Android devices.
Hassan Kherjouj, cybersecurity expert, highlights the gravity of this virus and the means to fight it.
To start, what is the magnitude of the BTMOB RAT virus in Morocco? Are there signs indicating that local users are targeted?
Fortunately, there was no real spread at the national level. The rapid intervention of the DGSS, through a warning note, allowed the country to avoid a real disaster. This Trojan horse could have caused a generalized violation, if it had not been identified in time.
What is this Trojan horse and what makes it so dangerous?
BTMOB RAT is one of the most dangerous malicious software types, classified as a remote access Trojan (RAT). It allows hackers to take total control of the victim's phone without their knowledge or authorization. It is distributed by various means such as phishing sites, fraudulent links, malicious applications, or APK files from unreliable sources.
What accentuates its danger is its ability to use the accessibility services of the Android system to obtain advanced access, bypass security systems and collect sensitive data displayed on the screen, such as passwords, messages and banking information. It also monitors the clipboard to steal temporarily copied information and executes commands in the background, without the user's knowledge.
To escape detection by security systems, this RAT imitates the behavior of legitimate applications, making its detection difficult. It is particularly dangerous because it takes permissions without explicit consent, by exploiting the loopholes of accessibility services, in addition to its ability to hide from protective programs and security systems.
What vulnerabilities does this type of RAT use, and why do they persist despite regular updates?
The main vulnerability it exploits is accessibility services, which hackers use to obtain privileges. Despite regular security updates, hackers are continuously innovating new methods to discover unknown vulnerabilities, which means that any system or application remains exposed to violations.
Can the uninitiated user distinguish between a safe and a malicious application? What are the errors that make a device vulnerable?
To tell the truth, it is difficult for the average user to detect such threats, especially since RATs like this are advanced in camouflage and imitate safe applications. The practical solution is to install reliable and updated protective programs, in addition to avoiding downloading applications from unofficial sources or interacting with suspicious links and messages.
The main errors lie in downloading applications outside of official stores, clicking on suspicious links or trusting deceptive messages, which falsely offer gifts. These behaviors open the door to malicious software like BTMOB RAT. Installing a reliable protection program and updating it regularly can reduce the risk by up to 90%.
Is the digital infrastructure of Morocco, in terms of individuals or institutions, ready to face such threats? What is the importance of awareness in this area?
To some extent, there are tangible efforts. But it is essential that all institutions engage seriously and rapidly with the warning notes issued by the parties concerned, such as the DGSS. These bodies have highly qualified engineers, whose recommendations must be taken into account.
In addition, awareness raising remains an absolute necessity. No one, whatever their expertise, can claim a complete mastery of all hacking methods, in a field that is evolving daily. Consequently, institutions, alongside the media, must play a more important role at this level.
Finally, do you think that Morocco needs a stricter national strategy in the field of cybersecurity awareness?
Absolutely, especially at the educational level. Unfortunately, we lack real integration of cybersecurity concepts in educational programs, while our students interact daily with devices. The ministries concerned must act to include this aspect in pedagogy.