A newly identified Android Remote Access Trojan (RAT), known as Oblivion, is causing alarm within mobile cybersecurity circles. Priced at $300 monthly on a public hacking platform, this malware can covertly gain control over Android devices without the user’s awareness.
Innovative Features and Broad Target Range
Oblivion stands out by integrating various harmful functions into a user-friendly package. It targets Android versions from 8 to 16, making nearly all active devices susceptible. The tool’s design allows attackers to deploy it without needing sophisticated programming skills, thanks to its point-and-click builder that facilitates fake app creation and deployment.
According to Certo analysts, who examined a comprehensive seller advertisement and demonstration on a public hacking forum, Oblivion underwent live testing for over four months prior to its release, evading detection throughout this period. This extensive pre-release testing is rare for such underground tools, indicating a more calculated development process.
Subscription Model and Extensive Control
Oblivion operates on a subscription basis, with costs starting at $300 for one month and extending to $2,200 for lifetime access. The seller retains exclusive control as buyers cannot access the source code. Once deployed, the malware can intercept SMS messages, including two-factor authentication codes, view banking app notifications, log keystrokes, manage files, and remotely control apps and unlock the device using a captured PIN.
These capabilities grant attackers near-total control over compromised devices, posing significant security threats to users.
Undetectable Operation Techniques
Oblivion’s most technically advanced feature is its Hidden VNC (HVNC), allowing a concealed remote session that remains invisible to the victim. While the victim sees a misleading “System updating…” animation, the attacker maintains full interactive control in an unseen environment.
Delivered through a Dropper Builder that mimics a Google Play update prompt, the malware relies on social engineering to talk the victim into enabling installation from unknown sources, a step that looks routine in the context of a fake update. Once installed, Oblivion bypasses Android's Accessibility Service permissions, operating seamlessly across major Android interfaces such as Samsung One UI and Xiaomi MIUI.
To mitigate infection risks, users should install apps exclusively from the Google Play Store and treat any unexpected update prompts from outside sources with suspicion. Users should also check Settings > Accessibility regularly and revoke access from any app they do not recognize. If a device freezes unexpectedly during a system update, turning it off and running a security scan is advisable.
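As an added defender-side example that is not from the article or from Certo, this POSIX shell script applies the Accessibility check above from a workstation: it cross-references which packages have an enabled accessibility service against which packages were installed by Google Play, and flags the rest. The package names and command output below are constructed samples; the two adb commands in the comments are the real ones for collecting live data from a connected device.

```shell
#!/bin/sh
# Constructed sample of: adb shell settings get secure enabled_accessibility_services
# (colon-separated list of package/service pairs)
SAMPLE_A11Y='com.android.talkback/.TalkBackService:com.example.fakeupdate/.SysUpdateService'

# Constructed sample of: adb shell pm list packages -3 -i
# (third-party packages with the installer package that placed them; "null" = sideloaded)
SAMPLE_PKGS='package:com.android.talkback  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.bank.app  installer=com.android.vending'

# Print every package that has an enabled accessibility service but was NOT
# installed by Google Play (com.android.vending). Each output line is
# "<package> installer=<installer or unknown>".
flag_suspect_a11y() {
  a11y="$1"
  pkgs="$2"
  # Split the service list on ':' and keep only the package half of each entry.
  printf '%s\n' "$a11y" | tr ':' '\n' | cut -d/ -f1 | sort -u | while read -r pkg; do
    [ -n "$pkg" ] || continue
    # Look up the installer recorded for this package in the pm listing.
    inst=$(printf '%s\n' "$pkgs" | awk -v p="package:$pkg" \
      '$1 == p { sub("installer=", "", $2); print $2 }')
    case "$inst" in
      com.android.vending) ;;   # came from Google Play: not flagged
      *) printf '%s installer=%s\n' "$pkg" "${inst:-unknown}" ;;
    esac
  done
}

# Run against the constructed sample; swap in the live adb output to triage a real device.
flag_suspect_a11y "$SAMPLE_A11Y" "$SAMPLE_PKGS"
```

An empty result means every app holding Accessibility access on the device was installed through Google Play; anything listed deserves a closer look and, if unrecognized, removal.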