Xiaomi Technology A.I CyberSecurity Scoring
Xiaomi Technology
Company Information
Website: http://www.mi.com/global
Employees: 23,777
Followers: 1,542,205
NAICS: 5112
Industry Type: Software Development
Homepage: mi.com
Xiaomi Technology Risk Score (AI oriented)
Score range: between 800 and 849
Industry: Software Development
Updated: 20/05/2026
Score: 812/1000 (A, Good)
Xiaomi Technology Global Score (TPRM)
Score locked
Current Score: 812 A (Good), on a 0 to 1000 scale
3 incidents
-7 average impact per incident
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
June 2026: 809
May 2026: 811
April 2026: 811
March 2026: 824
Cyber Attack
28 Feb 2026 • Xiaomi Technology
Xiaomi, Google and Oppo: Oblivion malware quietly hijacks your Android device while bypassing top security, letting anyone control phones with little effort
New Android RAT 'Oblivion' Bypasses Security Protections, Grants Full Device Control
812
CRITICAL-12
OPPXIAAND1772310272
Security researchers at Certo have identified Oblivion, a sophisticated Android Remote Access Trojan (RAT) targeting devices running Android 8 through 16. Sold on a subscription basis starting at $300, the malware is designed to evade detection and grant attackers persistent control over infected devices.
Oblivion is marketed as compatible with heavily customized Android systems from manufacturers like Samsung, Xiaomi, and Oppo. Its package includes a builder tool, allowing buyers to generate malicious apps with custom names and icons, alongside a dropper that mimics legitimate update prompts. Infection typically occurs when users install apps from unofficial sources, though the malware’s polished interface suggests careful refinement to enhance credibility.
A key feature of Oblivion is its abuse of Android’s Accessibility Service, a feature intended to assist users with disabilities, to bypass manual permission approvals. Once active, the malware can silently intercept SMS messages, two-factor authentication (2FA) codes, and push notifications, while also logging keystrokes in real time. Attackers gain remote control capabilities, including the ability to launch or remove apps, unlock devices using stolen credentials, and interact with the device through concealed sessions, all while displaying fake overlays to deceive the user.
The malware employs anti-removal mechanisms to block attempts to revoke permissions or uninstall it, and its icon suppression further conceals its presence. Despite Google’s efforts to restrict Accessibility Service abuse, Oblivion reportedly bypasses protections even on the latest Android versions, highlighting persistent gaps in platform-level defenses.
Unlike traditional malware relying on technical exploits, Oblivion’s effectiveness stems from social engineering and automation. Its subscription-based model lowers the barrier for attackers, enabling even those with minimal expertise to gain control over devices, exfiltrate sensitive data, and manipulate apps remotely. The emergence of such tools underscores the growing threat posed by commercially available malware and the challenges in detecting evolving attack methods.
February 2026: 824
January 2026: 824
December 2025: 824
November 2025: 823
October 2025: 823
September 2025: 823
August 2025: 823
July 2025: 823
June 2025: 825
Vulnerability
16 Jun 2025 • Xiaomi Technology
Xiaomi: Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes
Critical Bluetooth Vulnerabilities Expose Xiaomi Redmi Buds to Data Leaks and DoS Attacks
823
CRITICAL-2
XIA1768816067
Security researchers have identified two severe vulnerabilities in the firmware of Xiaomi’s Redmi Buds series, affecting models from the Redmi Buds 3 Pro to the Redmi Buds 6 Pro. The flaws, rooted in the devices’ Bluetooth implementation, enable attackers to extract sensitive data or force disconnections, all without requiring pairing or user interaction.
The first vulnerability, CVE-2025-13834, is an information leak caused by improper bounds checking in the RFCOMM protocol. When exploited with a malformed TEST command, the firmware reads from uninitialized memory, returning up to 127 bytes of data, including phone numbers from active calls. The flaw mirrors the infamous Heartbleed bug, allowing repeated, undetected data extraction.
The second, CVE-2025-13328, is a Denial of Service (DoS) attack triggered by flooding the device with legitimate TEST or Modem Status Command frames. This overwhelms the firmware, causing a crash that disconnects the earbuds from the paired device. Recovery requires physically resetting the earbuds in their charging case.
Exploitation is alarmingly simple: attackers only need the MAC address of the target earbuds, obtainable via standard Bluetooth sniffing tools. Tests confirmed attacks can be executed from up to 20 meters away, though physical barriers may reduce range. No authentication or user interaction is required, making the vulnerabilities particularly dangerous in public spaces where Bluetooth sniffing is feasible.
As of disclosure, Xiaomi has not released a firmware patch to address the flaws. The vulnerabilities were discovered by researchers Choongin Lee, Jiwoong Ryu, and Heejo Lee, with no official remediation timeline provided. Until fixes are deployed, users remain exposed to privacy breaches and persistent disruptions.
June 2024: 825
Vulnerability
16 Jun 2024 • Xiaomi Technology
Xiaomi Interconnection Application Authentication Bypass Vulnerability
824
CRITICAL-1
XIA605062425
A severe security vulnerability has been discovered in Xiaomi’s interoperability application, potentially exposing millions of users to unauthorized device access. The vulnerability, assigned CVE-2024-45347, carries a severe CVSS score of 9.6. Attackers can exploit this vulnerability to bypass authentication mechanisms and gain complete unauthorized access to victim devices running the affected software. This could result in the compromise of sensitive data, installation of malicious software, or persistent access to the compromised device.
Frequently Asked Questions
What is the current A.I Rankiteo Cyber Score for Xiaomi Technology?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in May 2026?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in April 2026?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in March 2026?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in February 2026?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in January 2026?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in December 2025?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in November 2025?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in October 2025?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in September 2025?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in August 2025?
What was Xiaomi Technology's A.I Rankiteo Cyber Score in July 2025?
What is the average per-incident point impact on Xiaomi Technology's A.I Rankiteo Cyber Score over the past 12 months?
Where can I access detailed records of all cyber incidents associated with Xiaomi Technology?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology?
Where can I view Xiaomi Technology's profile page on Rankiteo?
How accurate is the A.I Rankiteo Risk Scoring methodology?