RedHook malware exploits Android wireless debugging for remote shell access
New variant bypasses traditional USB requirement, enabling attackers to gain shell-level control over infected devices without physical connection.
A revised version of the RedHook Android malware now exploits the Wireless Android Debug Bridge (ADB) feature to establish shell-level access on compromised devices, according to research published by BleepingComputer. The technique represents a departure from conventional ADB abuse, which typically requires physical USB connection to a computer.
Wireless ADB is a legitimate Android developer feature that allows remote debugging over a local network. RedHook's operators have repurposed this mechanism to maintain persistent, high-privilege access to infected handsets without the logistical constraints of wired connections. Once the malware is installed and wireless debugging enabled—whether through social engineering or prior compromise—attackers can issue shell commands remotely as long as the device remains on the same network or is otherwise reachable.
The shift to wireless exploitation lowers the operational friction for threat actors. Traditional ADB-based attacks required either physical access or a prior tether to a controlled machine. By moving to the wireless variant, RedHook can be deployed and controlled at scale across distributed victim populations, particularly in environments where devices share network infrastructure.
- 01Enterprises permitting Android devices must audit and disable wireless ADB across fleets.
- 02Mobile security vendors should prioritize detection of unauthorized wireless debugging sessions.
- 03Threat actors gain scalable, low-friction remote access to Android endpoints without physical presence.
Windows zero-day grants admin access on patched systems
Researcher releases LegacyHive exploit enabling privilege escalation on current Windows versions, no patch available.
Ransomware attack halts Coca-Cola's Fairlife dairy production nationwide
Coca-Cola disclosed that a cyberattack on its Fairlife subsidiary has suspended all US production of the premium dairy brand.
Security firm automates zero-day discovery using AI code analysis
Intruder's vulnerability vending machine combines code slicing with large language models to find exploitable flaws without human analysts.