Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Signal Users Targeted in Sophisticated Phishing Campaigns Aimed at Stealing Chat Backups

  Recently uncovered cyber threats now focus on people relying on Signal’s encrypted messaging service. Fake notifications, appearing legiti...

All the recent news you need to know
Remote Access Trojan
Android Malware Android Security BTMOB Malware Cybercrime Operations malware Mobile Cybersecurity Mobile Threats Phishing Attacks Remote Access Trojan

Researchers Uncover BTMOB Malware Capable of Taking Over Android Phones


 

In the Android threat landscape, a new malware operation has been rapidly expanding, reducing the barriers to entry for cybercriminals while simultaneously enhancing their offensive capabilities significantly. Security researchers have identified BTMOB, an Android remote access trojan (RAT) derived from the SpySolr malware family, as an emerging malware-as-a-service platform that enables operators to remotely monitor, manipulate, and control compromised devices with minimal technical expertise. 

Malware primarily distributes itself through phishing campaigns and fraudulent applications masquerading as legitimate online services, combining extensive device takeover functionality with a no-code campaign-building framework, which facilitates the customisation of lures, automatic deployment, and targeting of multiple regions using the malware.

BTMOB's evolution reflects a broader shift in the mobile threat landscape, where commercially packaged malware platforms are transforming advanced Android attack capabilities into scalable cybercrime services available to a wider range of threat actors.  As malware's commercialisation model increases, its reach is closely linked. In contrast to being operated by a single threat group, BTMOB serves as a subscription-based cybercrime service with public-facing marketing channels for the purpose of attracting potential customers. 

The malware is marketed through a dedicated surface-web portal that directs buyers to a Telegram-based operator. Additional marketing is conducted via social media accounts on X and Instagram. The commercialisation of the malware provides valuable insight into how its operators have transformed a technical threat into a structured cybercrime service designed for scale. 

Access to the platform has reportedly been advertised for approximately $5,000, along with recurring support fees. Researchers note that the cost remains relatively low compared with the potential returns from successful fraud operations, making the service attractive to a broader range of cybercriminals. Further aggravating the risks is the fact that the malware is circulated outside the commercial ecosystem. 

BTMOB-related files appeared briefly on a dark web forum in January of 2026 as a free download before disappearing, showing how malware distributed through commercial channels can rapidly spread through unauthorised sharing and reselling networks. Consequently, security teams are faced with an increasingly dynamic threat, as new builds and modified payloads emerge more rapidly than traditional detection mechanisms can react. 

Beyond its commercial appeal, BTMOB's effectiveness ultimately depends on its ability to compromise devices at scale through carefully crafted social engineering campaigns. In order to achieve operational success, BTMOB will continue to rely heavily on phishing-driven infection chains designed to maximize the trust of the user base. 

The threat actors often redirect targets to counterfeit websites masquerading as streaming platforms, cryptocurrency services, or other widely recognised online brands in order to divert them to fraudulent application repositories containing malicious Android applications. Additionally, attacks have been observed that are tailored to align with local institutions and government entities, including operations impersonating Argentine tax and public sector agencies as lures. 

Upon sideloading, the malware seeks elevated privileges by exploiting Android's Accessibility Services, giving it the ability to silently grant it additional permissions without the user having to take any further action. The BTMOB establishes communication with attacker-controlled command-and-control infrastructure with these privileges, allowing the operator to remotely manage the compromised device and maintain persistent access in order to monitor, steal credentials, and conduct other malicious activities on the compromised device. A significant challenge for defenders is the commercial framework underpinning BTMOB.

A report by security researchers indicates that the malware's pricing structure includes a lifetime license that costs approximately $5,000 plus recurring support fees, which are relatively modest expenditures when compared to the potential financial gains that could be realized from successful credential theft and fraud. These economic factors have accelerated the malware's adoption across underground communities, expanding its operational reach beyond highly skilled threat actors.

In January 2026, a dark web forum briefly advertised BTMOB-related files as free downloads before going offline. The incident illustrates how commercially distributed malware can quickly spread beyond its intended customer base through resale networks, private exchanges, and closed underground communities. 

It is quite possible that competitors can replicate the successful design elements of the original malware by borrowing campaign management features and payload customisation mechanisms that facilitate large-scale operations even where the original malware is inaccessible. This combination of rapid distribution and continuous modification creates additional challenges for defenders attempting to track the malware's evolution. As a result, defenders face an increasingly fluid threat environment in which payloads, infrastructure, and delivery techniques can change faster than conventional detection strategies can adapt.

ESET currently identifies MSIL/BtmobRat as the primary malware framework, while associated Android variants have been detected under several classifications, including Android/Spy.Agent.EED, Android/Spy.Agent.EIJ, and Android/Spy.Agent.EIK. As a result of its rapid development, the pace of development has already demonstrated its capacity for rapid evolution; a Cyble analysis of February 2025 observed the emergence of approximately fifteen distinct samples of BTMOB v2.5 within a relatively short timeframe. 

Behavioural monitoring and continuous threat intelligence correlation become increasingly critical with such turnover, which complicates traditional signature-based detection efforts. As BTMOB is predominantly driven by social engineering and the installation of unauthorised applications, security experts emphasise the importance of preventive measures. 

As a precautionary measure, organisations should implement policies which limit software installation to trusted application repositories, as well as educate users about the risks associated with unsolicited links received via email, messaging platforms, social media platforms, and online advertisements. In order to ensure the security of mobile devices is as high as that of workstations and servers, dedicated mobile threat defence solutions must be deployed. 

Additionally, researchers warn that one unauthorised application installed on a corporate device may create a pathway to sensitive business information. Employee awareness is a critical component of organisational resilience in the face of cybersecurity threats. It is important to note that, despite BTMOB's rapid mutation, static indicators of compromise remain useful signals for incident response teams conducting threat hunting and compromise assessments despite the rapid mutation of the BTMOB system. 

BTMOB highlights the continued evolution of cybercrime from isolated malware campaigns to commercially supported attack platforms capable of scaling sophisticated Android intrusions. As mobile threats become easier to acquire, customise, and deploy, organisations can no longer treat smartphones as secondary assets within their security programs. Strong application controls, user awareness, and continuous monitoring remain essential for reducing exposure to increasingly adaptable mobile threats.
Read more »
US
AI Cyber Attacks Data Donald Trump MyPillow Play Gang Ransomware US

Play Gang Claims Responsibility for MyPillow Hack, Company CEO Denies the Breach


The US military has always known that threat actors could use location data to spy on troops’ devices. The military also knows the easy solutions for the problem. But the Pentagon implemented none of these security measures. 

Recently, CySecurity reported that threat actors were using digital advertising data to attack US soldiers in war zones. The US law enforcement recently warned about the “anti-tech” extremism because the AI criticism was growing in the country.

Play gang takes responsibility 

The Play ransomware hacking group claimed the data theft behind the US pillow manufacturer called MyPillow. It stole personal and private confidential data from the victim. 

About the target

MyPillow was founded by 2020 Minnesota gubernatorial candidate and 220 election conspiracy theorist Mike Lindell.

The stolen data claim first surfaced on Play’s blog recently, it threatened that it was able to steal an unknown amount of information which may be exposed soon which may leak “"private and personal confidential data, clients and etc. documents, budget, payroll, IDs, taxes, finance information."

The claim, which appeared on Play's dark web leak portal earlier this week, threatens that an undeclared amount of data will be released on Friday, potentially exposing "private and personal confidential data, clients and etc. documents,budget, payroll, IDs, taxes, finance information."

High profile case

Straight Arrow News first reported about the incident. But MyPillow’s high-profile CEO Mike Lindell has denied claims of any ransomware attack which happened at all.

MyPillow was a lucrative victim for the threat actors, as Lindell’s role in pumping the controversial claims that the 2020 US presidential campaign was rigged against the now President Donald Trump.

According to Straight Arrow News, Lindell claimed in a recent interview on his website, Lindell TV, that political attacks during the previous few years cost MyPillow $400 million in damages. 

What next?

Lindell stated that he will submit an application for reimbursement from Trump's $1.8 billion "Anti-Weaponization Fund," which was established as part of Trump's settlement of an Internal Revenue Service lawsuit. 

The settlement, according to critics, offered Trump a slush fund to compensate rioters on January 6 and other individuals who have spread election conspiracy theories.

Whether MyPillow was hacked is not confirmed at the time of writing. The company denies the claim, whereas Play gang takes responsibility.
Read more »
USB C
Android Connectors Ethernet Hardware HDMI SD USB C

Why a USB-C Hub Is Becoming an Essential Accessory for Modern Phones and Laptops

 





The push toward thinner smartphones and lightweight laptops has transformed device design over the last decade. While manufacturers have succeeded in reducing size and weight, the transformation has often come at the cost of connectivity. Many modern devices now rely on a single USB-C port for charging, data transfer, and external accessories, leaving users without many of the ports that were once standard.

As a result, consumers frequently turn to individual adapters whenever they need to connect older hardware. A separate adapter may be required for an external monitor, another for a USB flash drive, and yet another for reading camera memory cards. What begins as a simple attempt to restore missing functionality can quickly turn into a collection of small accessories that must be carried, organized, and replaced when lost.

Technology users who work across multiple locations often encounter this challenge. A forgotten HDMI adapter can prevent a presentation from being displayed on a monitor. Leaving behind a memory card reader can delay the transfer of photos and videos. Even a missing USB adapter may stop a user from connecting a keyboard, mouse, or storage device when it is needed most.

Multi-port USB-C hubs have emerged as one solution to this growing connectivity problem. Instead of requiring separate accessories for different tasks, these devices combine multiple ports into a single unit that connects through a USB-C interface. Depending on the model, a hub may include HDMI output, USB-A ports, SD and microSD card readers, Ethernet connectivity, and pass-through charging support.

The primary advantage is convenience. Rather than managing several individual adapters, users only need to carry one accessory capable of supporting a wide range of devices. For people who frequently travel or work remotely, reducing the number of cables and connectors can simplify setup and minimize the chances of leaving behind a critical component.

Many hubs also allow smartphones to support more advanced desktop-style workflows. Certain Android devices can connect to external displays through HDMI, enabling users to work on a larger screen while simultaneously using a keyboard and mouse. This approach can create a workstation-like environment without requiring a traditional computer for basic productivity tasks.

However, not all USB-C hubs deliver the same level of performance. Buyers should examine specifications carefully before making a purchase. Factors such as transfer speeds, display resolution support, charging capacity, and the total number of available ports can vary considerably between products.

Power management is another important consideration. When multiple accessories are connected simultaneously, a hub may draw power from the host device. For this reason, many manufacturers offer pass-through charging capabilities that allow a charger to supply power to both the hub and the connected phone or laptop. Some models advertise support for charging rates up to 100 watts, although part of that power is consumed internally to operate the hub and connected peripherals.

Despite the industry's migration toward USB-C, many commonly used accessories continue to rely on older USB-A connections. Flash drives, printers, wireless mouse receivers, gaming controllers, and other peripherals still use the legacy standard. A hub can serve as a bridge between newer devices and existing hardware without requiring users to replace all of their accessories.

Memory card support remains particularly useful for photographers, videographers, and drone operators. Integrated SD and microSD slots allow media files to be transferred directly from cameras and storage cards without requiring dedicated readers. Some higher-end hubs can access both card formats simultaneously, reducing the need to repeatedly swap storage media during large file transfers.

Display connectivity is another frequently used feature. Many USB-C hubs provide HDMI output capable of supporting high-resolution external monitors. When paired with compatible devices, this allows users to extend their workspace, view content on larger screens, and improve multitasking capabilities.

Cost considerations may also influence purchasing decisions. While individual adapters often appear inexpensive when purchased separately, the combined cost of HDMI adapters, memory card readers, USB converters, and Ethernet accessories can exceed the price of a single multi-port hub. Consolidating these functions into one device may also reduce the need for repeated replacement purchases caused by misplaced or damaged adapters.

As manufacturers continue to streamline hardware designs and reduce the number of built-in ports, USB-C hubs are increasingly being used to restore connectivity options that many users still depend on. For individuals who regularly connect external displays, storage devices, memory cards, or older peripherals, a multi-port hub can provide a practical way to expand the capabilities of both smartphones and laptops through a single connection.

Read more »
Private Data
Data Breach Data Leak MyPillow Play Ransomware Private Data

MyPillow Private Data Leaked Online After Mike Lindell Denies Hack

 

Mike Lindell, CEO of MyPillow, insists his company was never hacked, but a ransomware group leaked nearly 12,000 internal files online just two days after his public denial. The Play ransomware gang published a 9.8-gigabyte data cache containing sensitive financial, payroll, and personal information from the pillow manufacturer, directly contradicting Lindell’s claim that MyPillow was “the most secure company” in the country. 

The attack began when Play announced on its dark web blog last week that it had stolen data from MyPillow, threatening to publish everything on Friday if ransom demands were not met. In a Wednesday telephone interview with Straight Arrow News, Lindell said he never received any ransom demand and asserted no data was taken, calling the allegations “another hit job by outside sources because I’m running for governor”. He is currently seeking the Republican nomination for Minnesota governor. 

Straight Arrow’s initial analysis of the leaked data revealed nearly 1,000 vendor invoices, including payments to high-profile figures like Trump Media & Technology Group (owner of Truth Social), conspiracy theorist Alex Jones, and Lara Trump. Documents show MyPillow paid Lara Trump $2,156.33 for advertising services in December 2023 and wired $4,023.16 to Jones’ Free Speech Systems the same month for running a company promo. Bank statements, audit files, wire transfers from 2026, and American Express statements for Lindell’s businesses including FrankSpeech (now LindellTV) are also present. 

The data breach exposes severely sensitive personal information, including payroll records with employees’ full names and phone numbers, plus tax forms like 1099s and W-9s containing names, addresses, and Social Security numbers. A folder titled “Aviation” contains private jet expenses and flight logs from 2018 to 2024. The files span from before 2011 through 2026, covering over a decade of internal company operations. 

Lindell claimed his company stores no sensitive data internally and relies on external third parties, but the leaked cache proves otherwise. When Straight Arrow shared photos of the data with Lindell via text, he did not immediately respond. This incident follows MyPillow’s 2019 Magecart credit card hack, raising serious questions about the company’s cybersecurity posture as Lindell campaigns for governor.
Read more »
European Bookseller
AI Advancements AI governance AI technology Cloud Computing Cyber Security Energy sector European Bookseller

Europe Must Balance Water and Energy Demands to Sustain AI Datacenter Growth

 

Europe’s ambitions to expand artificial intelligence and cloud computing infrastructure could be constrained by growing pressure on energy and water resources, according to a new report that calls for stronger policies linking both areas. The study argues that future datacenter growth will depend not only on access to advanced technology but also on how efficiently facilities manage power consumption and water use. 

The report, titled Scale and Secure: Powering Europe’s Digital Sovereignty, was published by Grundfos, a Danish provider of water and energy-efficiency solutions. It highlights how datacenters have evolved into critical infrastructure supporting Europe’s digital economy while also creating challenges related to resource management, environmental sustainability, and technological independence. 

According to the report, datacenters across Europe currently operate with an estimated IT load of around 10 gigawatts. That figure is expected to rise sharply to approximately 35 gigawatts by 2030 as demand for AI services, cloud platforms, and digital applications continues to increase. As a result, datacenters could account for between 7% and 9% of Europe’s total electricity consumption by the end of the decade, up from roughly 3% today. Cooling systems represent one of the largest resource demands within modern datacenters. 

The report estimates that cooling infrastructure accounts for nearly 38% of electricity use in an average facility. Water consumption is also substantial, particularly in hyperscale datacenters, where daily usage can reach between 11,356 and 18,927 cubic meters. Such volumes are comparable to the daily water needs of as many as 155,000 households across the European Union. Researchers warn that rapid datacenter expansion could place increasing strain on local energy grids, water supplies, and municipal infrastructure if growth is not carefully managed. 

Poorly planned developments may also trigger resistance from local communities concerned about environmental impacts and resource availability. To address these challenges, the report recommends integrating water and energy efficiency requirements directly into datacenter governance and planning frameworks. Standardized environmental reporting, improved oversight, and incentives for adopting efficient cooling technologies are among the proposed measures. 

The report also suggests governments introduce tax incentives, grants, and green financing programs to encourage investment in technologies that reduce resource consumption. Another recommendation focuses on improving collaboration between datacenters and district heating networks. Excess heat generated by server facilities could be reused to support local heating systems, although the report notes that regulatory, contractual, and organizational barriers currently limit wider adoption. The findings come as European policymakers increasingly balance digital transformation goals with environmental sustainability commitments. 

As AI adoption accelerates, experts argue that future datacenter expansion must prioritize efficiency and resource conservation to ensure long-term growth without placing excessive pressure on local communities and natural resources.
Read more »
Privacy
Adtech Industry Browser Fingerprinting Commercial Surveillance Data Brokers Digital Tracking Risks Location data Military Cybersecurity National Security Privacy

Digital Tracking Threats Extend Beyond Governments to Everyday Users


 

Technology policy challenges are increasingly being exposed in the debate over digital safety: measures that are intended to address one online risk are often used to raise another set of security and privacy concerns. Critics have warned that the collection of additional personal information could broaden surveillance capabilities and create new targets for abuse as governments push for stricter age-verification requirements and expanded identity checks. 

Separately, a pervasive wave of security threats is emerging at the level of the consumer, where mobile phone theft operations are exploiting weaknesses in the systems for accessing devices and recovering accounts. Whether regulating oversight, privacy, or physical device security is a concern, these developments represent the growing reality of the digital ecosystem. 

Cybersecurity experts, governments, corporations, and cybersecurity professionals are no longer the only ones facing the risks associated with digital tracking and identity information. Increasingly, it is becoming a concern for technology providers, policymakers, and everyday users alike. Digital tracking has become a topic of debate that has moved beyond privacy advocacy into the national security arena. 

Recent disclosures from US lawmakers suggest that the same commercial data ecosystem used for profiling consumers and targeting advertisements may also pose operational risks to military personnel. As reported by Senator Ron Wyden, the US Central Command has been informed that it has received several threat reports regarding the exploitation of commercially available location data in order to monitor or potentially target American personnel deployed in active theaters of operation. 

In spite of the fact that military officials did not identify the responsible actors or particular locations involved, this revelation represents a significant escalation in concern regarding the market for commercial surveillance. Researchers have long warned that location metadata obtained from smartphones, applications, and connected devices can reveal patterns, routes, and recurring gathering points through the collection of location metadata. 

Congress warns that this intelligence can be used to support kinetic threats, including drone strikes, missile attacks, and other forms of battlefield targeting, in addition to surveillance and counterintelligence activities. Increasing scrutiny has been focused on the adtech and data brokerage sectors, where large volumes of geolocation data are routinely collected, aggregated, and resold. Previously considered primarily a consumer privacy issue, this issue is now being examined as a strategic security vulnerability, particularly in light of historical incidents. 

The reports that have been reported that commercially acquired location data was used to track the movements of US Special Operations personnel toward a covert staging facility in Syria demonstrate how seemingly routine smartphone data can reveal sensitive military activities that go beyond their original purpose in revealing sensitive information. There is a fundamental concern among lawmakers and security officials about not only isolated incidents, but also the architecture of the modern data economy itself.

Through GPS, Wi-Fi and cellular network interactions, as well as advertising identifiers embedded throughout countless applications, smartphones continually generate streams of location intelligence. Upon collecting user activity records, brokers often aggregate, package, and resell them to advertisers, analytics firms, and other third parties via a sprawling commercial marketplace. Security specialists have repeatedly warned against the possibility of using such datasets to reconstruct highly sensitive behavior patterns, including visits to military facilities, operational hubs, and transit routes for deployments.

Legislators are calling for stronger safeguards, including disabling advertising identifiers on military-issued devices, limiting the use of data-hungry applications, and reevaluating software ecosystems heavily dependent upon user tracking, in response to these risks. However, lawmakers have renewed criticism of the Defense Department's approach to digital exposure. Increasingly, it is being acknowledged that commercial surveillance infrastructure can inadvertently provide access to intelligence assets that are not intended for the purposes for which they were intended.

In previous years, concerns were raised when publicly available fitness-tracking data revealed military installations and patrol activities. This demonstrated how seemingly benign consumer technologies may reveal operationally important information. Considering the ongoing military activity of the United States in the Middle East as well as the threat posed by hostile state-backed and proxy entities, the strategic value of location intelligence can no longer be ignored. 

While many large technology companies maintain that their advertising and data-handling systems have security controls, pressure is mounting for stronger federal privacy protections as policymakers reassess the national security implications of data collection on a large scale. Ultimately, the Pentagon's acknowledgement underscores a shift in the threat landscapes of modern civilisations, where intelligence gathering no longer relies solely on satellites, reconnaissance assets, or classified operations, but can also be gained from vast commercial networks, which silently track the digital movements of millions of connected devices every day. 

Moreover, the Pentagon's concerns highlight a fundamental weakness in the digital advertising ecosystem: the same infrastructure, designed to deliver personalised marketing, now serves as an effective surveillance network capable of tracking individuals with remarkable accuracy. Military officials have expressed concern that commercially available data, including advertising identifiers, default location-sharing mechanisms, and browser fingerprinting techniques associated with widely used platforms such as Google Chrome, may be accessed by individuals operating in active conflict environments, according to reports cited by Reuters. 

Rather than focusing on the collection of data itself, the issue is the ease with which detailed behavioral intelligence can be acquired through commercial channels with little or no oversight of who purchases the information and for what purposes.

The Pentagon has been criticised for failing to take sufficient actions to educate and protect its service members from these digital exposure risks; however, lawmakers have also highlighted the large amount of sensitive user information that is monetised by the largely unregulated data brokerage market. Officials argue that, without comprehensive federal privacy safeguards, there are limited practical mechanisms for preventing potentially hostile actors from gaining access to data that can reveal operationally valuable insights. This ecosystem presents an array of threats that go beyond national security concerns.

The recent disclosure of an offshore call tracking and analytics company's role in facilitating large-scale fraud operations relating to tech support has highlighted the potential criminal misuse of trusted commercial technology.

A court-ordered investigation revealed that the former CEO and Chief Security Officer knowingly provided telephone numbers and communications infrastructure to scammers impersonating Microsoft representatives in order to assist them in evading law enforcement scrutiny, identifying new fraudulent opportunities, and expanding their operations in the process. In addition, investigators allege that the individuals went beyond providing services by participating in similar scam networks and even operating their own fraudulent call centers. 

A common challenge that confronts the modern digital economy is illustrated by these developments: systems designed to assist advertisers, analytics analysts, and customers can, when inadequately regulated or maliciously abused, become useful tools for surveillance, deception, and exploitation that go far beyond their intended use. 

Digital tracking poses a number of risks that are becoming increasingly difficult to distinguish from everyday life as the boundaries between commercial technology, personal privacy, and national security continue to blur. As illustrated by the examples presented in both military and consumer environments, data collected for convenience, advertising, or analytics can be exposed, misused, or inadequately managed, causing a variety of consequences beyond their original purpose.

In today's world, organisations, policymakers, and individuals alike face greater challenges than simply addressing cyber threats after they have already arisen. However, it is also important to understand how seemingly routine digital practices can result in unintended security exposures long before an attack occurs. In light of the increasing importance of personal and operational data, strengthening data governance, limiting unnecessary collection, and improving transparency throughout the digital ecosystem are essential.
Read more »
Subscribe to: Posts (Atom)

Featured