RedHook Android malware now uses Wireless ADB for shell access

Summary

A new variant of the RedHook Android malware has been discovered that leverages Android's Wireless Debugging feature to gain shell access. This new capability allows the malware to execute commands and control devices remotely without the need for a direct USB connection to a computer.

IFF Assessment

FOE

This malware's new ability to gain shell access via Wireless ADB without a physical connection significantly enhances its stealth and remote control capabilities, posing a greater threat to Android users.

Defender Context

Defenders should be aware of this evolving threat vector, as the use of Wireless ADB bypasses traditional USB-based detection methods. Mobile security solutions should be updated to detect this new RedHook variant and its methods of persistence and command execution.

Read Full Story →