BTMOB is a commercially sold Android RAT operating as malware-as-a-service at $700/month, actively marketed and sold to low-skill operators who deploy custom malicious Android apps targeting Latin American users via fake government and Google Play lures. The platform abuses Android Accessibility Services to achieve deep device control without rooting, enabling credential theft, SMS interception, screen capture, and location tracking. No Android software vulnerability is exploited; the attack surface is the legitimate Accessibility Services API and sideloading enablement.