RedHook variant weaponizes Wireless ADB to gain shell control on Android

A new RedHook Android malware variant abuses Wireless ADB to obtain shell-level privileges without a PC by tricking victims into granting Accessibility permissions and using Shizuku to run privileged commands. It effectively turns the phone into its own ADB client (via 127.0.0.1), enabling 53 commands including screen streaming, input simulation, app install/uninstall, data theft, overlays, and even camera access, all without device rooting. The malware uses multiple persistence methods (silent audio, WakeLocks, dual services, watchdog, boot autostart, and oom_score_adj) and is distributed via social engineering that impersonates government or financial institutions to push fake Google Play sites. Users are advised to only install from Google Play, scrutinize permissions, and keep Play Protect enabled.
- RedHook Android malware now uses Wireless ADB for shell access BleepingComputer
- Android Malware Can Control Phones in Southeast Asia TechRepublic
- New malware for Android can empty your bank accounts in secret Android Authority
- Android users told to delete this fake app to avoid virus stealing bank details Darlington & Stockton Times
- RedHook Android: malicious Malware via ADB Wireless SecNews.gr
Reading Insights
0
1
4 min
vs 5 min read
88%
906 → 113 words
Want the full story? Read the original article
Read on BleepingComputer