RedHook Malware Empties Android Bank Accounts via Wireless ADB, Spreading From 2 Southeast Asian Markets
Updated
Updated · Android Authority · Jul 13
RedHook Malware Empties Android Bank Accounts via Wireless ADB, Spreading From 2 Southeast Asian Markets
2 articles · Updated · Android Authority · Jul 13
Summary
Group-IB said an upgraded RedHook Android trojan can seize deep device control through wireless ADB, letting attackers capture keystrokes, stream screens and drain bank accounts.
Victims are lured by links in texts, calls, email or social media, then pushed to install a fake APK and grant Accessibility access, which the malware uses to turn on Developer options and gain shell-level access.
Two anti-removal tricks make the new variant harder to kill: a 1x1-pixel always-on screen tactic and a two-service cross-process resurrection mechanism that restarts the malware if one component is stopped.
Vietnam was the initial target, but Group-IB said activity has expanded to Indonesia, signaling broader Southeast Asia risk as Android still works on protections that could restrict Developer options access.