This Android malware is capable of monitoring your screen, accessing your messages, and taking control of your phone from a distance.
An upgraded version of the RedHook Android malware is currently spreading and can take control of your phone without requiring a USB connection or root access. Researchers from Group-IB have identified this enhanced variant, which represents a significant advancement from the version seen in 2025. The most alarming aspect? It exploits one of Android's own built-in tools to do so.
How RedHook malware deceives your Android phone into relinquishing control
The attack begins with a deceptive text message or phone call impersonating your bank or a government agency, coaxing you to a fraudulent Google Play site to download a dubious app. After installation, the app requests Accessibility permissions, enabling Android applications to interact with other apps and settings on your behalf.
If you grant this permission, it stealthily activates Developer Options and enables Wireless ADB, a feature that allows remote control of your phone via Wi-Fi.
From there, it connects to your phone's debugging service through an internal address and pairs with it using a code obtained directly from your display. This grants it shell-level access, providing control far beyond what a typical app should possess, all without needing root privileges.
The latest iteration of RedHook also employs a genuine developer utility called Shizuku to execute commands in the background, allowing it to obtain additional permissions and make changes that would typically require user approval.
Why this upgrade increases RedHook's threat level
Once it has gained access, attackers have 53 commands at their disposal. They can observe your screen in real-time, capture screenshots, navigate your phone through taps and swipes, lock or unlock it, install or uninstall apps in silence, read your messages and contacts, activate your camera, and even reboot your phone remotely.
RedHook employs various techniques to maintain its presence, including running two services that restart one another if either is terminated and adjusting its system priority to evade shutdown.
To stay safe, only download apps from the official Google Play Store, pay close attention to any requests for Accessibility permissions, and keep Play Protect enabled.
Mozilla is set to accelerate its update frequency, and that's a positive development for your security. If you're accustomed to seeing a new Firefox update approximately once a month, that is about to change. Starting in September, Mozilla will implement a two-week release cycle for Firefox on both desktop and Android, meaning users can expect updates twice as frequently. While this may result in more downloads, it primarily aims to close security vulnerabilities more swiftly.
Regarding security fixes, the previous month-long wait is no longer acceptable.
A new $68 phone allows smartphone-generation kids to experience childhood memories millennials had missed. A new product from Pinwheel will enable children to actually speak with a friend without sending numerous voice notes first. The company has introduced Pinwheel Home, a retro-style household phone designed for kids aged 5 to 10, offering a means to contact friends and family prior to their first smartphone. It supports voice calls only, eliminating social media, gaming, texting, and endless feeds.
The landline is making a comeback, minus the phone jack.
If you shoot RAW images, Snapseed has addressed one of your major challenges. The latest version 4.1 adds extensive RAW format support to Android, with an iOS release expected soon.
For those who take RAW photos and edit them on their mobile devices, Google's free photo editing app Snapseed has become significantly more useful. The app has recently been updated on Android to accommodate a wide range of RAW formats that it previously could not support.
Other articles
This Android malware is capable of monitoring your screen, accessing your messages, and taking control of your phone from a distance.
A recent iteration of RedHook Android malware leverages the built-in debugging feature of your phone to gain remote access to your device, bypassing the need for root access or a USB connection.
