NEWS Has your phone suddenly started updating? It could be the Oblivion virus taking over your system.

pinkman

While the screen shows a familiar picture, something irreparable is happening behind the scenes.
A new tool for remotely hacking Android devices has appeared publicly on underground forums, and it's already being called one of the most dangerous in recent years. The malware, called Oblivion, is sold by subscription and, according to Certo, is indeed capable of bypassing the security mechanisms of most modern smartphones.

Oblivion is a RAT (remote access trojan) that gives an attacker complete control over a device. The program is designed for Android versions 8 through 16, meaning it covers virtually all current devices. The developer actively promotes the product on a hacker forum, including a demo video.

The kit includes an APK builder, allowing you to assemble a malicious app without programming skills. You can choose the name, icon, and operating mode, disguising the file, for example, as "Google Services." A separate module creates a so-called "dropper"—an installer that displays a fake notification about a mandatory update via Google Play and convinces you to enable installation from unknown sources.

Oblivion's key feature is automatic permission granting without the device owner's intervention. Android typically requires manual approval for access to sensitive features, especially accessibility services. In this case, the malware, as the vendor claims and the analysis confirms, suppresses system dialogs. The vendor claims compatibility not only with stock Android but also with modified versions from major brands: Xiaomi's MIUI and HyperOS, Samsung's One UI, OPPO's ColorOS, Honor's MagicOS, and OnePlus' OxygenOS.

By accessing the accessibility service, the program effectively gains a universal key to the system. It can read the contents of any application, intercept input, hide notifications, and control the interface. Oblivion also uses a hidden version of VNC: the attacker sees and controls the device in a separate, invisible session, while the victim's screen displays, for example, a "System updating..." animation. This separate mode allows for bypassing security features of banking apps and crypto wallets that block screen capture.

Its functionality is primarily focused on stealing financial data. The malware reads and sends SMS messages, intercepts two-factor authentication codes, records every keystroke, and accesses files and the list of installed apps. If necessary, it can automatically unlock the smartphone after a reboot using the intercepted PIN or password.

The developers also focused on robustness. The app blocks attempts to revoke permissions, disable accessibility services, or uninstall the app. According to the vendor, the infrastructure can handle over a thousand simultaneous connections, including through anonymizing networks.

Oblivion is sold by subscription. Prices range from $300 per month to $2,200 for lifetime use. The source code is not shared with purchasers; access is provided to a ready-made control panel.

According to Certo, the combination of automatic restriction bypass, hidden remote control, and uninstall resistance makes Oblivion a serious challenge to Android platform security. The claimed workaround for Android 16 is particularly significant, as Google has tightened controls over accessibility services. As a result, even a single tap on a fake update notification could lead to a complete and undetectable compromise of banking apps on the device.
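A defender-side check for the pattern described above (a sideloaded app holding an accessibility service), added here as an example that is not part of the original post: it parses the output of three standard adb commands and flags enabled accessibility services whose package is neither preinstalled nor installed from a trusted store. The sample outputs, the package name `com.example.gservices` and the trusted-installer list are constructed assumptions.

```python
import re

# Constructed sample outputs (not from a real device) of three adb commands:
#   adb shell settings get secure enabled_accessibility_services
A11Y = ("com.google.android.marvin.talkback/"
        "com.google.android.marvin.talkback.TalkBackService:"
        "com.example.gservices/.core.HelperService")
#   adb shell pm list packages -i
INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=null
package:com.example.gservices  installer=null
package:com.example.notes  installer=com.android.vending
"""
#   adb shell pm list packages -s   (preinstalled system packages)
SYSTEM = "package:com.google.android.marvin.talkback\n"

# Assumption: only Google Play counts as a trusted installer; add OEM stores as needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_a11y(raw):
    """Split the colon-separated component list into (package, class) pairs."""
    raw = raw.strip()
    if raw in ("", "null"):          # 'null' is printed when the setting is unset
        return []
    return [tuple(c.split("/", 1)) for c in raw.split(":") if "/" in c]

def parse_installers(raw):
    """Map package name -> installer package (None when Android reports 'null')."""
    out = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", raw, re.M):
        out[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return out

def parse_system(raw):
    """Set of package names from `pm list packages -s`."""
    return {l.strip()[len("package:"):] for l in raw.splitlines()
            if l.strip().startswith("package:")}

def suspicious_a11y(a11y_raw, installers_raw, system_raw, trusted=TRUSTED_INSTALLERS):
    """Enabled accessibility services from non-system, non-store packages."""
    installers, system = parse_installers(installers_raw), parse_system(system_raw)
    findings = []
    for pkg, cls in parse_a11y(a11y_raw):
        if pkg in system or installers.get(pkg) in trusted:
            continue                 # preinstalled or store-installed: not flagged
        findings.append((pkg, cls, installers.get(pkg) or "sideloaded/unknown"))
    return findings

if __name__ == "__main__":
    for pkg, cls, src in suspicious_a11y(A11Y, INSTALLERS, SYSTEM):
        print(f"REVIEW: {pkg} ({cls}) has accessibility access; installer: {src}")
```

A finding is a prompt for manual review rather than proof of infection, since legitimate sideloaded tools can also hold accessibility access.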
 