Oblivion: $300-a-Month Android Malware Disguised as Fake Updates Hijacks Phones and Evades Security
scsecMarch 3, 20262 Mins read 
Android Malware “Oblivion” Sold for $300 a Month, Uses Fake Updates to Take Over Phones
Cybersecurity researchers at Certo have uncovered a powerful new Android Remote Access Trojan (RAT) named Oblivion, which is being openly sold online for $300 per month. Unlike many advanced malware tools that circulate on the dark web, Oblivion is advertised publicly, making it easier for cybercriminals to access.
According to research shared with Hackread.com, the malware is designed to be simple to operate. Buyers do not need technical expertise to deploy it, lowering the barrier for digital spying and financial theft.
Subscription-Based Cybercrime
Oblivion is offered under multiple pricing plans:
- $300 per month
- $700 for three months
- $1,300 for six months
- $2,200 for lifetime access
The infrastructure behind the malware is built to scale, reportedly capable of managing over 1,000 infected devices at once. Operators can also route activity through the Tor network to conceal their identity.
How the Attack Works
Oblivion avoids the typical suspicious pop-ups associated with Android malware. Instead, it relies on a fake system update notification that mimics a legitimate Google Play update.
Once the victim taps the update prompt:
- The malware silently grants itself full permissions.
- It activates Android’s Accessibility Service, a powerful feature intended to help users with disabilities.
- The device owner does not need to manually approve permissions.
By abusing Accessibility Service, the malware gains near-total control of the device.
Capabilities After Infection
Once installed, Oblivion can:
- Read SMS messages to intercept bank verification codes.
- Capture passwords and PINs through a keylogger.
- Remotely unlock the device after a restart.
- Stream the victim’s screen live to the attacker.
One particularly deceptive tactic involves displaying a fake “system updating” animation while attackers secretly browse apps and collect data in the background.
Researchers describe Oblivion as a “step-change” in Android threats because it was built from scratch to evade detection and resist standard security defenses.
Major Android Brands Targeted
Oblivion is compatible with nearly all modern Android versions, from Android 8 through the upcoming Android 16. It is also engineered to bypass the custom security layers of major smartphone manufacturers, including:
- Xiaomi’s MIUI and HyperOS
- OPPO’s ColorOS
- Honor’s MagicOS
- Samsung’s One UI
- OnePlus’s OxygenOS
The seller claims the malware was tested for four months to ensure it avoids behavioral detection and remains invisible to antivirus solutions.
Additionally, it includes an APK Builder tool that allows attackers to quickly generate fake apps—such as counterfeit Google Services—to distribute the malware more convincingly.
Why It’s Dangerous
What makes Oblivion especially concerning is how normal it appears. The infection process imitates a routine system update, something users regularly encounter. This familiarity reduces suspicion and increases the success rate of attacks.
Because the malware operates silently and grants itself permissions automatically, victims may not realize their device has been compromised until financial or personal damage has already occurred.
How to Protect Yourself
Experts recommend:
- Only installing apps and updates directly from trusted official sources.
- Avoiding unexpected update prompts.
- Keeping Android security patches up to date.
- Installing reputable mobile security software.
- Powering off your device immediately if it becomes stuck on an unexplained update screen, then performing a full security scan.
Remaining cautious about downloads and update notifications remains the strongest defense against threats like Oblivion.
1 Comment
Leave a Reply
Related Articles
DoJ Seizes $61 Million in Tether from Global Pig Butchering Crypto Scam Network
DoJ Seizes $61 Million in Tether Linked to Pig Butchering Crypto Scams...
Europol’s Project Compass Dismantles The Com Cybercrime Network, 30 Arrested Across 28 Countries
Europol’s ‘Project Compass’ Targets The Com Network, 30 Arrested A yearlong international...
$4.8M in Seized Crypto Stolen After Korean Tax Agency Accidentally Leaks Wallet Seed Phrase
$4.8M in Crypto Stolen After South Korean Tax Agency Exposes Wallet Seed...
Cyberwar Erupts as US-Israel and Iran Exchange Wiper Attacks, DDoS Strikes, and Infrastructure Hacks
US-Israel and Iran Exchange Cyber Blows as Conflict Escalates The escalating military...
This is a serious warning for Android users. Oblivion RAT shows how malware is becoming more sophisticated and easier for cybercriminals to use. Always verify updates, avoid unknown sources, and keep your device security software up to date.