A newly identified Android remote access trojan (RAT) dubbed KomeX has surfaced on underground hacker forums, generating widespread concern within the cybersecurity community.<\/p>\n
Marketed by a threat actor under the alias \u201cGendirector,\u201d KomeX is built atop the infamous BTMOB RAT codebase and presents a formidable arsenal of spying and device control features.<\/p>\n
Recognized for its sophistication, KomeX is designed to compromise Android devices en masse, making it an enticing tool for cybercriminals seeking to monetize mobile infections.<\/p>\n
The malware\u2019s distribution tactics rely heavily on malicious Android apps pushed via unofficial marketplace sources and phishing campaigns<\/a>.<\/p>\n Victims are typically enticed to install tampered applications or unwittingly click on convincing social engineering lures.<\/p>\n What sets KomeX apart is its aggressive approach to obtaining device permissions almost immediately after installation, drastically expanding its reach and resilience once embedded in a target system.<\/p>\n KrakenLabs security analysts were instrumental in identifying<\/a> and dissecting KomeX after its forum debut.<\/p>\n Their analysis revealed the trojan\u2019s ability to bypass Google Play Protect, stripping Android devices of a fundamental protective barrier against malware.<\/p>\n Among its notable capabilities are high-fidelity live screen streaming, stealth audio and video capture via camera and microphone, instant access to SMS interception and manipulation, live geolocation tracking, remote control of all major apps, and full filesystem access layered with a covert keylogger<\/a>.<\/p>\n The threat actor #Gendirector<\/a> is selling \u201cKomeX RAT\u201d: an Android remote-access trojan based on BTMOB on an underground forum.<\/p>\n \u2014 KrakenLabs (@KrakenLabs_Team) November 11, 2025<\/a>\n<\/p><\/blockquote>\n\n
![\"\ud83d\udea8\"](\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/16.0.1\/72x72\/1f6a8.png?ssl=1\")
New Android RAT for sale: #KomeX<\/a> RAT<\/p>\n![\"\ud83d\udee0\"](\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/16.0.1\/72x72\/1f6e0.png?ssl=1\")
Claimed features include:
\u2022 Auto-grant all permissions
\u2022 Bypass Google Play Protect
\u2022 Live screen stream\u2026 pic.twitter.com\/yDHwRz9oX1<\/a><\/p>\n