Oblivion

Oblivion is an Android remote access trojan (RAT) reported by Certo and described as being sold openly on the public web under a subscription model, with pricing cited at $300 per month or $2,200 for lifetime access. It is marketed as easy to use, lowering the technical barrier for cybercriminals and stalkers. The malware commonly infects devices through a fake Google Play update message and includes an APK Builder that can generate trojanized fake apps, including examples masquerading as “Google Services.” Once installed, Oblivion abuses Android Accessibility Service to silently grant itself extensive permissions without user interaction. Reported capabilities include reading private SMS messages to steal banking codes, keylogging to capture passwords and PINs, remotely unlocking a phone after restart, and covert remote control with live screen viewing. During attacker activity, it can display a fake “system updating” animation while the operator navigates apps in the background. Certo reported that its backend infrastructure can support more than 1,000 concurrent victims and that operators can use Tor for anonymity. The malware was reported to target Android 8 through Android 16 and to bypass OEM security layers on major Android brands, specifically including HyperOS, Xiaomi MIUI, OPPO ColorOS, Honor MagicOS, Samsung One UI, and OnePlus OxygenOS. The seller also claimed it had been tested for four months to evade behavioral detection and remain hidden from antivirus software.