RedHook Android Malware Abuses Wireless ADB
🛡️ Researchers at Group-IB describe a new RedHook Android malware variant that abuses Wireless ADB to gain shell-level (UID 2000) privileges without a wired computer connection. The malware tricks victims into granting Accessibility permissions to enable Developer Options and Wireless Debugging, retrieves the pairing code, and connects via the loopback interface. It leverages a Shizuku-based framework to execute shell commands, silently install apps, modify protected settings, and perform RAT functions like screen streaming and keystroke interception. Distribution relies on social engineering directing victims to fake Play stores; users are urged to install apps only from official sources, review permissions, and enable Play Protect.