- 17:00Israel vows to strike Iran again if threatened, defense minister warns
- 16:20Morocco sees record 8.9 million tourists in first half of 2025
- 15:50Morocco aims to secure five-month wheat stock amid price drop
- 15:20Macron and Starmer to sign historic nuclear deterrence pact
- 14:50Chemsedine Talbi completes Sunderland move after stellar Club Brugge season
- 14:20Police in Marrakech detain Algerian-French suspect wanted by Interpol
- 13:30EU unveils stockpiling plan to prepare for crises and conflict
- 12:50Spain eases lockdowns as firefighters stabilize Catalonia forest blaze
- 12:20Spaniards favor China over the US in shifting global perceptions
Follow us on Facebook
Critical alert: Malware threatens Android banking security in Morocco
Morocco’s General Directorate for Information Systems Security (DGSSI) has raised alarms over a sophisticated malware targeting Android smartphones. The malware, identified as “BTMOB RAT,” was first detected in February and is primarily designed to harvest sensitive information, including banking data.
According to the DGSSI's alert issued recently, this Remote Access Trojan (RAT) is disseminated through phishing websites and malicious applications that may appear on the Google Play Store.
What heightens the concern surrounding this threat is its exploitation of Android’s accessibility services, allowing it to gain legitimate permissions while circumventing the system’s security measures. The malware utilizes advanced methods to maintain ongoing access to compromised devices. Once installed, BTMOB RAT can interact with the user interface to collect sensitive information displayed on the screen, including login credentials, private messages, and banking details. Additionally, it monitors the clipboard, capturing temporarily stored data such as passwords and payment information.
“These services are designed to assist users with specific needs, but when exploited by malware, they enable security restrictions to be bypassed,” notes the Center for Monitoring, Detection, and Response to Computer Attacks.
Operating discreetly in the background, this malware can evade detection by conventional antivirus solutions. This warning emerges amidst escalating concerns regarding digital financial security in Morocco. Last March, cybersecurity firm Cypherleak reported that data from over 31,000 Moroccan bank cards was found for sale on dark web marketplaces, with more than 5,500 cards still active and at risk of fraud.
Experts indicate that BTMOB RAT is being marketed as “Malware-as-a-Service” (MaaS), allowing various cybercriminals to purchase or lease it for their malicious endeavors, significantly amplifying its distribution and potential impact. Estimates from Kaspersky and Lookout Mobile Security indicate that over 500,000 instances of malware exploiting Android accessibility features were recorded in 2024.
This trend is particularly alarming, as users often enable these services for practical purposes such as screen reading or voice navigation. Kaspersky revealed last April that Morocco ranks third among African nations contending with web-based threats, with a staggering 12.6 million attack attempts documented in 2024, trailing only Kenya and South Africa.
The DGSSI advises the integration of compromise indicators into detection systems and urges immediate notification to the Moroccan Computer Emergency Response Team (maCERT) if any related activity is detected. Users are encouraged to exercise vigilance when downloading applications, scrutinize the permissions granted to apps, and regularly monitor for suspicious activities in their Android settings.
This alert is part of a broader increase in mobile cyberattacks. In 2023, Zimperium reported a 51% rise in attacks targeting Android globally, particularly in emerging nations with developing digital infrastructures.