RedHook Android malware abuses Wireless ADB for shell access
Malware Activity
Updated: 12.07.2026 17:27
· First: 12.07.2026 17:27
· 📰 1 src / 1 articles
· H score: 26
The RedHook Android malware now abuses Wireless ADB to obtain shell (UID 2000) privileges, expanding its control over infected devices. The change lets the malware operate without a computer connection and increases the risk of screen streaming, keystroke interception, and credential theft. It first abuses Accessibility permissions to enable Developer Options and Wireless Debugging, then pairs over 127.0.0.1 to reach the ADB service. The latest release also adds 53 server-issued commands and multiple persistence mechanisms to keep running.