A sophisticated Android remote-access trojan named KomeX RAT has emerged on underground hacking forums, with the threat actor Gendirector actively marketing the malware through tiered subscription models.
The malware, built on the previously documented BTMOB RAT, poses a significant threat to Android device owners because of its extensive advertised capabilities and the aggressive advertising campaign behind it in cybercriminal communities.
Gendirector has adopted a commercial subscription approach to maximize profit while distributing the KomeX RAT.
The pricing structure offers three distinct tiers: a monthly subscription for $500, a lifetime license for $1,200, and the complete source code for $3,000. This pricing model mirrors legitimate software distribution practices while facilitating broad adoption within the cybercriminal ecosystem.
The lifetime licensing option particularly lowers barriers to entry for threat actors with limited budgets, enabling smaller-scale criminal operations to access enterprise-grade malware capabilities.
Extensive Malicious Capabilities
The advertised feature set of KomeX RAT demonstrates comprehensive device compromise capabilities that extend far beyond typical malware offerings.
The malware automatically grants itself all permissions without user notification, effectively removing the primary security control that Android’s permission model provides.
This capability works in conjunction with Google Play Protect bypass functionality, allowing the malware to evade one of Android’s primary anti-malware defense mechanisms.
KomeX RAT’s surveillance capabilities are particularly concerning: the seller advertises live screen streaming at frame rates of up to 60 fps, which would let threat actors observe victim activity in real time.

The malware can independently capture camera and microphone feeds, providing attackers with comprehensive audio and video surveillance access. These features align the malware with advanced state-sponsored spyware tools, despite being marketed commercially to cybercriminals.
Beyond surveillance, the malware provides extensive access to sensitive communications and personal data. The Trojan can read, send, and delete SMS messages, potentially allowing attackers to bypass two-factor authentication mechanisms that rely on SMS delivery.
Geolocation determination with map display integration enables physical tracking of infected devices, while forced chat functionality allows attackers to interact directly with victims, facilitating social engineering or extortion campaigns.
The malware offers granular control over device applications, permitting threat actors to start, stop, and uninstall apps remotely.
Complete file system access combined with keylogging capabilities provides attackers with comprehensive data harvesting tools. Notably, KomeX includes anti-uninstall protections coupled with fake removal window simulation, preventing users from easily removing the malware and hiding the infection’s presence.
Threat Landscape Implications
The emergence of KomeX RAT reflects the continued sophistication of the commercial malware-as-a-service ecosystem.
By leveraging existing BTMOB code and implementing subscription-based distribution, Gendirector has created a scalable threat delivery platform.
The accessible pricing structure democratizes advanced malware capabilities among less-skilled threat actors, potentially increasing the frequency and volume of Android-targeted attacks.
All advertised capabilities are seller claims and have not yet been independently verified by security researchers. The actual functionality may differ from the marketing materials, and these claims should be treated as unvalidated until comprehensive analysis confirms the trojan’s true capabilities.
Organizations and individual users should implement comprehensive mobile device security practices, including device scanning with updated security software and cautious app installation practices.
