Amid rising cyber threats, the General Directorate of Information Systems Security has issued a warning about a new virus known as «BTMOB RAT», which targets Android phones in Morocco. In this interview with cybersecurity expert Hassan Kherjouj, we explore the nature of this dangerous malware, the vulnerabilities it exploits, and the most effective ways users can protect themselves. The General Directorate of Information Systems Security, part of the National Defense Administration, has issued a warning about new spyware called BTMOB RAT, which specifically targets Android devices. To better understand the threat and how to respond to it, we spoke with Moroccan cybersecurity expert Hassan Kherjouj. How widespread is the BTMOB RAT virus in Morocco ? Are there signs that local users are being targeted ? Fortunately, there has been no widespread outbreak of this virus in Morocco so far. The swift action by the General Directorate of Information Systems Security, through its warning memorandum, helped avert what could have been a serious breach. Had this Trojan gone undetected, it could have caused significant damage. What exactly is this virus, and what makes it so dangerous ? BTMOB RAT is a highly dangerous form of malware known as a Remote Access Trojan (RAT). It enables hackers to take complete control of a victim's phone without their knowledge or consent. It's typically spread through phishing websites, malicious links, fake apps, and APK files from untrusted sources. What makes it particularly threatening is its abuse of Android's Accessibility Services, which allows it to gain elevated privileges, bypass security protections, and extract sensitive data displayed on the screen—such as passwords, messages, and banking details. It also monitors the clipboard to steal temporarily copied information and can execute background commands without the user's knowledge. To avoid detection, the malware mimics legitimate app behavior, making it difficult to spot. It exploits how accessibility services work to grant itself permissions silently and can remain hidden from antivirus software and built-in security tools. What vulnerabilities does this type of malware exploit, and why do they persist despite regular updates ? Its primary target is Android's Accessibility Services, which, while intended to help users with disabilities, can be exploited to gain full access to a device. Despite frequent updates, cybercriminals continuously develop new techniques and uncover previously unknown vulnerabilities—meaning no system is entirely immune. Can the average user tell the difference between a safe and malicious app ? What common mistakes make phones more vulnerable to hacking ? In reality, it's extremely difficult for the average user to identify threats like BTMOB RAT, especially since such malware often disguises itself as legitimate apps. The best defense is to use trusted and regularly updated security software, and to avoid downloading apps from unofficial sources or clicking on suspicious links or messages. The most common mistakes include downloading apps from outside official app stores, clicking on unknown links, and falling for messages promising prizes or gifts. These actions open the door to infections like BTMOB RAT. Using reputable security tools and keeping them up to date can reduce the risk of hacking by up to 90%. Is Morocco's digital infrastructure—whether at the individual or institutional level—equipped to handle such threats ? How important is public awareness ? To some degree, there are ongoing efforts. But what's truly needed is swift and serious engagement from all institutions when official warnings are issued—such as those from the General Directorate of Information Systems Security. This agency includes highly qualified engineers, and their guidance should be taken seriously. Awareness is absolutely critical. No one, regardless of expertise, can fully anticipate every hacking method, as cyber threats evolve rapidly. That's why institutions, along with the media, must play a greater role in educating the public about cybersecurity. Finally, do you believe Morocco needs a more comprehensive national strategy for cybersecurity awareness ? Definitely. A clear and robust national strategy is essential—especially in education. Unfortunately, cybersecurity is still largely absent from school curricula, despite the fact that students are using smart devices every day. The relevant ministries must act to integrate this crucial topic into the training and education of Moroccan youth.
