Oblivion malware quietly hijacks your Android device while bypassing top security, letting anyone control phones with little effort
Publish Date: 2026-02-28 14:35:00
Source Domain: www.techradar.com
- Oblivion can intercept SMS, push notifications, and two-factor authentication codes silently
- Malware bypasses Accessibility Service, granting attackers full device control without prompts
- A remote control allows concealed access while the user sees fake overlays
Oblivion is a newly observed Android Remote Access Trojan which reportedly targets a range of popular devices running Android 8 through 16.
Security researchers at Certo have examined the tool, which is sold on a subscription basis starting at $300, and claims to be capable of working on heavily customized systems from Samsung, Xiaomi, and Oppo.
The package includes a builder that allows buyers to generate malicious apps with chosen names and icons, alongside a dropper that imitates legitimate update prompts.
You may like
Bypassing protections and staying hidden
Rather than relying on technical exploits alone, the infection method often depends on persuading users to install applications from outside official channels.
That approach is not new, although the polish of the interface shown in demonstrations suggests careful refinement.
Normally, Android asks users to manually approve sensitive permissions, but the malware reportedly bypasses them – however, one of the central claims surrounding Oblivion is its ability to automate permission approval, particularly through abuse of Android’s Accessibility Service.
This feature was originally designed to assist users with disabilities, yet it can grant extensive control when misused.
Once active, Oblivion can read SMS messages, intercept two-factor authentication codes, monitor push notifications, and log keystrokes in real time.
It can also remotely launch or remove applications and unlock the device using captured credentials, as a hidden remote control feature allows attackers to interact with the…
