Newly discovered malware is secretly hijacking Android phones and stealing banking credentials by turning the device’s own developer tools against users.
The Cybersecurity firm Group-IB says a dangerous new version of the RedHook malware is now infecting devices, giving hackers powerful remote control to steal sensitive data.
The malware abuses Android’s Wireless Debugging feature. The tool is normally used by developers to gain deep access to infected phones without needing a computer or special permissions.
Attackers are luring victims through phone calls and messages that impersonate banks or government agencies, currently targeting users in Vietnam and Indonesia.
They direct people to fake websites made to look like the Google Play Store and trick them into downloading malicious apps hosted on GitHub and Amazon’s cloud servers.
Once hacked, the malware shows fake screens to get users to grant Accessibility permissions. It then automatically turns on hidden developer settings in the background and connects the phone to itself, giving attackers high-level control.
“RedHook abuses ADB Wireless Debugging to obtain shell-level privileges. With this access, attackers can steal passwords, stream the screen, capture lock screen codes, and create fake dialogs to steal banking information.”
The malware is built to survive removal attempts using several persistence tricks, including a nearly invisible one-pixel screen activity, silent audio playback, and services that automatically restart each other if stopped. It can also restore full access after a phone reboot.
This upgraded technique makes RedHook much harder to detect and remove than typical Android malware.
Follow us on X, Facebook and TelegramDon't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any assets including cryptocurrencies, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated Image: Midjourney

