- Oblivion can silently intercept SMS, push notifications and two-factor authentication codes
- The malware abuses the Accessibility Service and gives attackers full device control without prompts
- A remote control feature allows covert access while the user sees fake overlays
Oblivion is a recently observed Android Remote Access Trojan which is said to target a number of popular devices running Android 8 to 16.
Security researchers at Certo have examined the tool, which is sold on a subscription basis starting at $300, and claims to be able to work on heavily customized systems from Samsung, Xiaomi and Oppo.
The package includes a builder that allows buyers to generate malicious apps with chosen names and icons, along with a dropper that mimics legitimate update prompts.
Bypass protection and stay hidden
Rather than relying on technical exploits alone, the infection method often depends on persuading users to install applications from outside official channels.
That approach isn’t new, though the polish of the interface shown in demonstrations suggests careful refinement.
Normally, Android prompts users to manually approve sensitive permissions, but one of the key claims surrounding Oblivion is its ability to automate permission approval, particularly through the abuse of Android’s Accessibility Service.
This feature was originally designed to help users with disabilities, but it can provide extensive control when misused.
When active, Oblivion can read text messages, intercept two-factor authentication codes, monitor push notifications, and log keystrokes in real time.
It can also remotely launch or uninstall applications and unlock the device using registered credentials. A hidden remote control feature allows attackers to interact with the device through hidden sessions while the user sees only a convincing system overlay.
Anti-removal mechanisms reportedly block attempts to revoke permissions or uninstall the malware, and icon suppression hides its presence.
The emergence of a tool capable of bypassing built-in protections raises concerns about the durability of platform-level defenses.
Google has gradually curbed abuse of the accessibility service, but claims that recent Android versions can be bypassed suggest continued loopholes.
Users are most at risk when they install apps outside of the Play Store, respond to unexpected update prompts, or grant accessibility permissions unnecessarily.
Running security scans, using endpoint protection, maintaining a firewall, and regularly reviewing app permissions can reduce exposure.
AI tools are increasingly involved in detection, but the malware’s subscription-based availability lowers the barrier for attackers and expands its potential impact.
Oblivion doesn’t rely on highly technical exploits; its effectiveness comes from social engineering combined with automation.
Its commercial availability means that even attackers with minimal expertise can gain persistent control over devices, intercept sensitive information and remotely manipulate apps.
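The permission review recommended above can be partly automated. The following is an added example, not code from the article or from Certo: it cross-checks the output of `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`, and lists enabled accessibility services whose app is neither preinstalled nor installed from a trusted store. The sample outputs are constructed, and treating only Google Play as trusted is an assumption.

```python
import re

# Assumption: only Google Play counts as an official installer; extend per policy.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(settings_out):
    """Components from `settings get secure enabled_accessibility_services`."""
    text = settings_out.strip()
    if not text or text == "null":      # "null" means no service is enabled
        return []
    return [c for c in text.split(":") if "/" in c]

def parse_installers(pm_out):
    """{package: installer or None} from `pm list packages -i`."""
    pairs = re.findall(r"^package:(\S+)[ \t]+installer=(\S+)", pm_out, re.M)
    return {pkg: (None if src == "null" else src) for pkg, src in pairs}

def parse_system_packages(pm_out):
    """Preinstalled packages from `pm list packages -s`."""
    return set(re.findall(r"^package:(\S+)", pm_out, re.M))

def audit(settings_out, installers_out, system_out):
    """Enabled accessibility services whose app is neither preinstalled
    nor installed by a trusted store."""
    installers = parse_installers(installers_out)
    system = parse_system_packages(system_out)
    findings = []
    for component in parse_enabled_services(settings_out):
        pkg = component.split("/", 1)[0]
        if pkg in system:
            continue                     # vendor service, e.g. a screen reader
        source = installers.get(pkg)
        if source not in TRUSTED_INSTALLERS:
            findings.append((pkg, component, source or "no installer recorded"))
    return findings

# Constructed sample outputs; the com.example.* packages are made up.
SETTINGS_OUT = ("com.google.android.marvin.talkback/"
                "com.google.android.marvin.talkback.TalkBackService:"
                "com.example.sysupdate/.A11yService:"
                "com.example.reader/.ReadAloudService\n")
INSTALLERS_OUT = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:com.example.reader  installer=com.android.vending
"""
SYSTEM_OUT = "package:com.google.android.marvin.talkback\n"

if __name__ == "__main__":
    for pkg, component, source in audit(SETTINGS_OUT, INSTALLERS_OUT, SYSTEM_OUT):
        print(f"REVIEW {pkg}: {component} (installer: {source})")
```

A flagged entry is a prompt for manual review, not proof of infection: legitimately sideloaded accessibility tools will also appear.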



