A new version of RedHook Android malware is utilizing Wireless ADB to gain unauthorized shell access on Android devices [1].
This development represents a significant security escalation because it allows attackers to bypass the need for a traditional physical computer connection to compromise a device. By leveraging wireless debugging tools, the malware can establish a remote shell, granting the attacker deep system privileges that are typically reserved for developers.
The malware targets the Android Debug Bridge, or ADB, which is a versatile tool used by developers to communicate with a device. While ADB is typically used via a USB cable, the wireless implementation allows for network-based access [1]. RedHook exploits this functionality to obtain shell-level privileges, effectively turning a diagnostic feature into a backdoor for malicious activity [1].
This threat follows a critical zero-click vulnerability [1] that Google confirmed earlier this year. In May 2026, security experts warned users to update their devices immediately to mitigate the risk of such exploits [2].
"Update Android now—zero-click vulnerability confirmed by Google," Dave Winder said in a report for Forbes [2].
The ability for malware to operate without user interaction, known as a zero-click attack, combined with the use of Wireless ADB, creates a high-risk environment for users who leave debugging settings enabled. Security researchers said that the combination of these vulnerabilities allows for a more seamless and stealthy infiltration of the Android operating system [1, 2].
“RedHook Android malware is utilizing Wireless ADB to gain unauthorized shell access.”
The evolution of RedHook demonstrates a shift toward exploiting developer tools to bypass traditional security perimeters. By moving from physical connections to wireless shell access, attackers can target devices remotely over a network, increasing the scale of potential infections and making the malware harder to detect for the average user.



