Android Malware “Oblivion” Sold for $300/Month, Spreads via Fake Updates
Oblivion: A Newly Discovered Android Malware
A newly discovered Android malware, dubbed Oblivion, is being sold on the open web for a monthly subscription of $300, allowing cybercriminals to remotely access and control compromised devices.
How Oblivion Spreads
Oblivion typically spreads through fake Google Play update messages, which, when triggered, grant the malware full permissions, including the Accessibility Service, without the device owner’s knowledge or interaction.
The Accessibility Service, intended to assist users with disabilities, effectively serves as a master key for hackers, enabling them to access sensitive information and perform malicious actions.
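One way to triage a device for the Accessibility Service abuse described above, as an added example that is not from the original article or the researchers: it parses the output of three standard adb commands and lists enabled accessibility services whose package is neither preinstalled nor installed from a trusted store. The sample output is constructed, the com.example.* names are placeholders, and the trusted-installer list is an assumption.

```python
import re

# Installers treated as trusted stores (assumption; extend for your fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(raw):
    """Parse `adb shell settings get secure enabled_accessibility_services`."""
    raw = raw.strip()
    if raw in ("", "null"):
        return []
    # Format: pkg/class entries separated by ':'.
    return [tuple(e.split("/", 1)) for e in raw.split(":") if "/" in e]

def parse_installers(raw):
    """Parse `adb shell pm list packages -i` into {package: installer or None}."""
    found = re.findall(r"^package:(\S+)[ \t]+installer=(\S+)", raw, re.M)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in found}

def parse_system_packages(raw):
    """Parse `adb shell pm list packages -s` into a set of package names."""
    return set(re.findall(r"^package:(\S+)", raw, re.M))

def suspicious_services(services_raw, installers_raw, system_raw):
    """Return (package, service class, installer) entries worth reviewing."""
    installers = parse_installers(installers_raw)
    system = parse_system_packages(system_raw)
    findings = []
    for pkg, cls in parse_enabled_services(services_raw):
        if pkg in system:
            continue  # preinstalled component, out of scope for this check
        installer = installers.get(pkg)
        if installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, cls, installer))
    return findings

# Constructed sample output; com.example.* names are placeholders.
SERVICES = ("com.google.android.marvin.talkback/"
            "com.google.android.marvin.talkback.TalkBackService:"
            "com.example.updatehelper/com.example.updatehelper.CoreService")
INSTALLERS = ("package:com.google.android.marvin.talkback  installer=com.android.vending\n"
              "package:com.example.updatehelper  installer=null\n")
SYSTEM = "package:com.android.settings\n"

if __name__ == "__main__":
    for pkg, cls, installer in suspicious_services(SERVICES, INSTALLERS, SYSTEM):
        print(f"review: {pkg} ({cls}), installer={installer}")
```

A hit is a lead for manual review rather than a verdict, since legitimately sideloaded accessibility tools are flagged the same way.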
Malware Capabilities
Once installed, the malware can intercept private SMS messages to steal banking codes, capture passwords and PINs using a keylogger, and even remotely unlock the device after a restart.
Moreover, hackers can monitor the device’s screen in real time, using a hidden mode that displays a fake system-update animation to the user while the attacker navigates the device’s apps in the background.
Infrastructure and Compatibility
The malware’s infrastructure is designed to handle over 1,000 simultaneous victims, even when using the Tor network to maintain anonymity.
Researchers note that Oblivion is a significant threat due to its ability to bypass custom security layers used by major Android brands, including HyperOS, MIUI, ColorOS, MagicOS, One UI, and OxygenOS.
The malware is compatible with a wide range of Android versions, from Android 8 to the upcoming Android 16.
The seller claims that Oblivion was tested for four months before its release to ensure it remains undetected by antivirus software and behavioral detections.
Additionally, the malware includes an APK Builder that allows hackers to create fake apps, such as Google Services, in just a few clicks.
Conclusion
The discovery of Oblivion highlights the importance of exercising caution when receiving system update messages and the need for users to be vigilant about the apps they install on their devices.
As the malware continues to pose a significant threat to Android users, it is essential for individuals to remain aware of the risks and take necessary precautions to protect their devices and personal information.
