Oblivion RAT Turns Fake Play Store Updates Into a Full-Service Android Spyware Operation

A new Android remote access trojan called Oblivion RAT has appeared on cybercrime networks as a full malware-as-a-service (MaaS) platform, turning fake Google Play Store update pages into a full-scale spyware operation. Certo Software was the first to report on the threat, which has gotten a lot of attention because it is so well-polished and ready to use, with features like dropper delivery and real-time device control. Find out more about software vulnerability databases, dark web monitoring tools, and the Windows 10 Oblivion RAT, which is sold on underground forums for $300 a month.

Longer tiers can cost up to $2,200 for a lifetime license. The package comes with a web-based APK builder for the implant, a separate dropper builder that makes fake Google Play update pages, and a command-and-control (C2) panel for managing devices in real time.

Attackers send the dropper through messaging apps and dating sites, making victims think they are installing a real Google Play update. The C2 panel with Wealth Assessment (Source: iVerify) says that Android users should only download apps from the official Google Play Store. They should also say no to any requests to give unknown apps access to their phone.

If you get a message asking you to enable sideloading outside of the Play Store, you should treat it as a warning. Companies should have device management policies that stop installations from unknown sources and keep an eye on any strange AccessibilityService activity. Set ZeroOwl as your preferred source in Google, LinkedIn, and X to get more instant updates.