← All stories
● Covered by 1 source Β· 1 reportHigh impact

RedHook Android malware exploits Wireless ADB for elevated privileges

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

The RedHook Android malware now leverages Wireless ADB to gain shell access without USB connections. This enhancement increases its capability, allowing for sophisticated attacks including credential theft and remote control of devices.

Key points

New Exploit Method

The new RedHook malware variant employs Wireless Debugging (Wireless ADB), allowing it to gain shell-level privileges. This change enhances its previous capabilities by allowing remote control of Android devices without needing a physical connection.

Functionality and Capabilities

Alongside its new exploit method, RedHook continues to function as a remote access trojan (RAT). It can stream screens, log keystrokes, automate interface actions, and steal user credentials, thereby posing a significant security threat.

How RedHook Operates

RedHook tricks users into granting Accessibility permissions, which lets it manipulate settings to enable Wireless Debugging. Once paired with the device via its ADB service, RedHook executes commands with a higher privilege level.

It utilizes the Shizuku framework to perform unauthorized actions such as installing/removing applications and modifying Android settings without user notifications.

Impact on Android Security

The abuse of Wireless ADB by malware like RedHook raises concerns about device security, especially since it can exploit devices without requiring root access. This vulnerability affects all Android devices running Android 11 and later, making widespread exploitation feasible.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Reporting from

The RedHook Android malware now leverages Wireless ADB to gain shell access without USB connections. This enhancement increases its capability, allowing for sophisticated attacks including credential theft and remote control of devices.