Oblivion RAT: New Android Malware as a Service Threatens Users and Enterprises

Oblivion RAT: New Android Malware as a Service Threatens Users and Enterprises

First seen 21 Mar 2026, 21:55 UTC ZimperiumGbhackersCybersecuritynews 90% similarity 72.5

Article Content

Browse articles
ThreatCluster

Oblivion RAT is a sophisticated Android remote access trojan (RAT) sold as a Malware-as-a-Service (MaaS) platform. It operates on a subscription model, providing threat actors with tools like a web-based APK builder and dropper generator for social engineering. The malware uses a two-stage infection model, employing pixel-perfect replicas of Google Play update pages to deceive users into enabling Accessibility Services. Once enabled, it grants itself dangerous permissions, including SMS access and device administration, while remaining invisible. Oblivion RAT features anti-analysis techniques, such as fake ZIP encryption, to evade detection. Zimperium's zLabs has confirmed 100% zero-day coverage against this threat for its customers. The RAT poses significant risks to enterprise environments by intercepting two-factor authentication codes and capturing keystrokes. Recent telemetry identified 45 new variants of Oblivion RAT, which show low coverage among traditional antivirus engines, indicating active diversification by its operators. The indicators of compromise are available in a GitHub repository.

Key Points: • Oblivion RAT is a new Android RAT sold as Malware-as-a-Service. • It employs deceptive techniques to bypass user suspicion and gain permissions. • Zimperium provides 100% zero-day protection against Oblivion RAT for its customers.

ThreatCluster AI

Timeline

2026-03-21
Zimperium publishes research on Oblivion RAT.
Recent
45 new variants of Oblivion RAT identified.

Community

Browse all →