I smell a RAT — new Android malware can hack every top phone maker's security, and costs less than a second-hand iPhone


  • Oblivion can intercept SMS, push notifications, and two-factor authentication codes silently
  • Malware abuses Android's Accessibility Service to approve permissions automatically, granting attackers full device control without prompts
  • A hidden remote control feature gives attackers concealed access while the user sees a fake overlay

Oblivion is a newly observed Android Remote Access Trojan which reportedly targets a range of popular devices running Android 8 through 16.

Security researchers at Certo have examined the tool, which is sold on a subscription basis starting at $300 and is claimed to work on heavily customized systems from Samsung, Xiaomi, and Oppo.

The package includes a builder that allows buyers to generate malicious apps with chosen names and icons, alongside a dropper that imitates legitimate update prompts.

Bypassing protections and staying hidden

Rather than relying on technical exploits alone, the infection method often depends on persuading users to install applications from outside official channels.

That approach is not new, although the polish of the interface shown in demonstrations suggests careful refinement.

Normally, Android asks users to manually approve sensitive permissions. One of the central claims surrounding Oblivion is its ability to automate that approval, particularly through abuse of Android’s Accessibility Service.

This feature was originally designed to assist users with disabilities, yet it can grant extensive control when misused.

Once active, Oblivion can read SMS messages, intercept two-factor authentication codes, monitor push notifications, and log keystrokes in real time.

It can also remotely launch or remove applications and unlock the device using captured credentials. A hidden remote control feature allows attackers to interact with the device through concealed sessions while the user sees only a convincing system overlay.

Anti-removal mechanisms reportedly block attempts to revoke permissions or uninstall the malware, and icon suppression hides its presence.

The emergence of a tool capable of bypassing built-in protections raises concerns about the durability of platform-level defenses.

Google has progressively restricted Accessibility Service abuse, yet claims that the latest Android versions can be bypassed suggest continued gaps.

Users are most at risk when installing apps from outside the Play Store, responding to unexpected update prompts, or granting Accessibility permissions unnecessarily.

Running security scans, using endpoint protection, maintaining a firewall, and regularly auditing app permissions can reduce exposure.
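One way to carry out the permission audit mentioned above, as an added example that is not part of the original article: the script parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i` and flags enabled accessibility services that belong to apps not installed from the Play Store. The sample output and package names are constructed, and treating `com.android.vending` as the only trusted installer is an assumption.

```python
import re

# Installers treated as official channels (assumption; add OEM stores as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_accessibility(raw):
    """Parse `adb shell settings get secure enabled_accessibility_services`."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    # The value is a colon-separated list of package/class component names.
    return [c for c in raw.split(":") if "/" in c]

def parse_installers(raw):
    """Parse `adb shell pm list packages -3 -i` into {package: installer}."""
    out = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", raw, re.M):
        out[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return out

def audit(services_raw, packages_raw):
    """Return findings for enabled accessibility services from sideloaded apps."""
    installers = parse_installers(packages_raw)
    findings = []
    for comp in parse_accessibility(services_raw):
        pkg = comp.split("/", 1)[0]
        if pkg not in installers:
            continue  # not in the third-party list: preinstalled system package
        src = installers[pkg]
        if src not in TRUSTED_INSTALLERS:
            findings.append((pkg, comp, src or "unknown/sideloaded"))
    return findings

# Constructed sample output (the com.example.* packages are made up).
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.passwordmgr/com.example.passwordmgr.AutofillA11y:"
    "com.example.sysupdate/com.example.sysupdate.core.HelperService\n"
)
SAMPLE_PACKAGES = """\
package:com.example.passwordmgr  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:com.example.game  installer=com.android.packageinstaller
"""

if __name__ == "__main__":
    for pkg, comp, src in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"REVIEW {pkg}: accessibility service {comp} (installer: {src})")
```

A flagged entry is a prompt for manual review, not a verdict: legitimate sideloaded tools can also register accessibility services.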

AI tools are increasingly involved in detection, but the malware’s subscription-based availability lowers the barrier for attackers and broadens its potential impact.

Oblivion does not rely on highly technical exploits; its effectiveness comes from social engineering combined with automation.

Its commercial accessibility means that even attackers with minimal expertise can achieve persistent control over devices, intercept sensitive information, and manipulate apps remotely.



Efosa Udinmwen
Freelance Journalist

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking.
