a remote access trojan promoted in the region – Business Empresarial

Business Empresarial. ESETa leading company in proactive threat detection, warns of the rise of BTMOB, a remote access trojan (RAT) that combines a malware generator. This tool allows cybercriminals to design and deploy malware campaigns with astonishing speed and efficiency. In addition to standard features such as keyboard, screenshots and session capture, BTMOB stands out with its real-time screen streaming capabilities and direct remote control of the jailbroken device.

Trojans disguise themselves as legitimate files or applications to trick victims into infecting their devices. Banking Trojans have a primary goal of stealing financial information, while RATs have broader capabilities: they can steal various types of data, take complete control of a device, and perform actions on it. Brazil is one of the countries with the highest number of detected Trojans, most of which are usually banking Trojans.

The spread of BTMOB is based on various social engineering campaigns targeting Android devices. Many of the companies developed in Brazil and other countries in the region use fake versions of popular applications. These apps are distributed by deception and direct users to fraudulent app stores that mimic the look and feel of the Google Play Store.

ESET also discovered that BTMOB is offered as a service on the pageGina Internet accessible from the open Internet. DadGina It’s simple and redirects via links to a Telegram contact to receive the malware.

In addition, links to the tool were found on social media. An account on Platform X (formerly Twitter), for example, redirects interested parties to the same contact on Telegram. Other platforms, such as Instagram, have also seen content linked to the spread of malware.

Analysis by independent researchers such as Jonk3r in Merle are active in other Latin American countries. In Argentina, for example, a company was discovered posing as a government agency (Customs Collection and Control Agency) in order to increase the credibility of the fraud.

The elements presented by BTMOB are sufficient to classify it as a relevant threat. Ease of customization, scalability, and advanced remote control features increase the demand for users and organizations seeking to secure their mobile devices. comments by Martina López, computer security researcher at ESET Latin America.

ESET assures that it is possible to avoid infection with this and other similar threats by implementing a combined strategy for effective results:

  • Downloading apps from official or verified sources: BTMOB distribution also occurs through fake app stores that mimic the look and feel of the Play Store, but are hosted and controlled by cybercriminals. Considering this, it is very important to raise the awareness of users so that they pay more attention and check whether they are really accessing an official store or a fraudulent environment.

  • Be careful with links: As part of cybersecurity awareness, it’s important that training and communication direct users to be careful with any type of passively received content. This includes links sent via email, messaging apps, or even social media ads. Cybercriminals use a variety of resources to reach their victims and convince them to click, so it’s important to strengthen this type of targeting.

  • Raise awareness of the impact and responsibility of each employee: Many people who do not work directly with technology or security struggle to understand the risks associated with careless behavior. Clarifying these impacts contributes to the maturity of the organization’s security system and helps each person understand their role and the potential consequences of an incident.

  • Protect your environment and devices: It is critical to ensure that the above measures are reinforced with technological controls and security solutions. Use reliable security software that is constantly updated and properly configured to protect all devices in your environment, not just mobile phones. In the event of improper access, these solutions can prevent or mitigate malicious actions.

Leave a Reply

Your email address will not be published. Required fields are marked *