- Oblivion can silently intercept text messages, push notifications and two-factor authentication codes
- The malware abuses the Accessibility Service, granting attackers full control over the device without permission prompts
- A hidden remote control feature allows concealed access while the user sees fake overlays
Oblivion is a recently observed Android remote access Trojan that is believed to target a range of popular devices running Android 8 to 16.
Certo security researchers examined the tool, which is sold on a subscription basis starting at $300 and claims to run on heavily customized systems from Samsung, Xiaomi and Oppo.
The package includes a generator that lets buyers create malicious apps with chosen names and icons, as well as a dropper that imitates legitimate update prompts.
Bypass protections and stay hidden
Rather than relying solely on technical exploits, the infection method often involves persuading users to install applications outside of official channels.
This approach is not new, although the polish of the interface shown in the demonstrations suggests careful refinement.
Normally, Android asks users to manually approve sensitive permissions, but the malware is said to bypass these prompts: one of Oblivion’s main claims is its ability to automate permission approval, including by abusing Android’s Accessibility service.
This feature was originally designed to help disabled users, but it can grant expanded control if misused.
Once active, Oblivion can read SMS messages, intercept two-factor authentication codes, monitor push notifications, and record keystrokes in real time.
It can also launch or kill apps remotely and unlock the device using captured credentials. A hidden remote control feature lets attackers interact with the device through concealed sessions while the user sees only a convincing system overlay.
Anti-removal mechanisms are said to block attempts to revoke permissions or uninstall the malware, and removing its icon hides its presence.
The emergence of a tool capable of bypassing built-in protections raises concerns about the durability of platform-level defenses.
Google has gradually curbed abuse of the Accessibility service, but claims that protections in the latest versions of Android can be bypassed suggest continued shortcomings.
Users are most at risk when they install apps outside of the Play Store, respond to unexpected update prompts, or unnecessarily grant accessibility permissions.
Running security scans, using endpoint protection, maintaining a firewall, and regularly auditing application permissions can reduce exposure.
AI tools are increasingly involved in detection, but the availability of subscription-based malware lowers the barrier for attackers and broadens the potential impact.
Oblivion does not rely on highly technical exploits; its effectiveness comes from social engineering combined with automation.
Its commercial accessibility means that even attackers with minimal expertise can gain persistent control over devices, intercept sensitive information, and manipulate applications remotely.




