This sophisticated malware, detected for the first time in February, targets Android devices and uses system accessibility services to take control of smartphones in a furtively.
The operating mode is formidable: once installed via infected applications on Google Play Store or phishing links, Btmob Rat obtains high permissions without arouing the suspicions of the user. He can thus:
- access messages, connection identifiers,
- suck up the banking data displayed on the screen,
- Intercept the keyboard strikes or recover the contents of the clipboard (passwords, OTP codes, etc.),
- And maintain persistent access, even after restart.
According to the latest estimates by Kaspersky and Lookout Mobile Security, more than 500,000 malware facilities exploiting Android accessibility were identified in 2024. These techniques allow hackers to bypass conventional antiviruses, especially since users often activate these services for practical reasons (screen reading, voice navigation, etc.).
The DGSS alert insists on the severity of the potential impact, especially in the sensitive sectors (banks, telecoms, administrations). Management invites to reinforced surveillance of permissions granted to applications and to avoid downloads outside the verified sources. It is also advisable to use recognized mobile security solutions and regularly check the suspicious activities in Android settings.
This alert is part of a context where mobile cyber attacks are increasing. In 2023, the Zimperium report was an increase of 51 % of the Android targeting attacks on a global scale, with a predilection for emerging countries with expanding digital infrastructure.
Related news :