RedHook Android malware now uses Wireless ADB for shell access

RedHook Android malware now uses Wireless ADB for shell access
RedHook is a new Android malware version that abuses Wireless ADB in a novel way to gain shell-level privileges without needing a computer connection. It retains powerful RAT features and is spread through social engineering that impersonates government agencies or financial institutions to lure victims to fake Google Play sites. #RedHook #AndroidWirelessDebugging #ADB #Shizuku #Group-IB

Keypoints

  • RedHook abuses Wireless ADB to obtain shell-level access on Android devices.
  • The malware tricks users into granting Accessibility permissions to enable Developer Options and Wireless Debugging.
  • It pairs over the loopback interface and uses Shizuku to run privileged commands.
  • RedHook can stream the screen, capture input, install apps, steal data, and show fake dialogs.
  • The malware uses multiple persistence methods and spreads through impersonation-based social engineering.

Read More: https://www.bleepingcomputer.com/news/security/redhook-android-malware-now-uses-wireless-adb-for-shell-access/