
RedHook variant weaponizes Wireless ADB to gain shell control on Android
A new RedHook Android malware variant abuses Wireless ADB to obtain shell-level privileges without a PC by tricking victims into granting Accessibility permissions and using Shizuku to run privileged commands. It effectively turns the phone into its own ADB client (via 127.0.0.1), enabling 53 commands including screen streaming, input simulation, app install/uninstall, data theft, overlays, and even camera access, all without device rooting. The malware uses multiple persistence methods (silent audio, WakeLocks, dual services, watchdog, boot autostart, and oom_score_adj) and is distributed via social engineering that impersonates government or financial institutions to push fake Google Play sites. Users are advised to only install from Google Play, scrutinize permissions, and keep Play Protect enabled.




