RedHook is a new Android malware version that abuses Wireless ADB in a novel way to gain shell-level privileges without needing a computer connection. It retains powerful RAT features and is spread through social engineering that impersonates government agencies or financial institutions to lure victims to fake Google Play sites. #RedHook #AndroidWirelessDebugging #ADB #Shizuku #Group-IB
Keypoints
- RedHook abuses Wireless ADB to obtain shell-level access on Android devices.
- The malware tricks users into granting Accessibility permissions to enable Developer Options and Wireless Debugging.
- It pairs over the loopback interface and uses Shizuku to run privileged commands.
- RedHook can stream the screen, capture input, install apps, steal data, and show fake dialogs.
- The malware uses multiple persistence methods and spreads through impersonation-based social engineering.