V-Help
← All news
Security

New Android Trojan Steals Money from Bank Accounts Undetected

New Android Trojan Steals Money from Bank Accounts Undetected

Photo: Android Authority

Quick answer

An updated version of the RedHook Trojan for Android uses wireless ADB and phishing schemes to gain control over devices.

Experts from Group-IB have discovered an updated version of the RedHook Trojan, which can steal funds from Android users' bank accounts. The malware exploits vulnerabilities in wireless Android Debug Bridge (ADB) to gain elevated access, allowing attackers to bypass standard security mechanisms.

The Trojan spreads through phishing schemes: victims receive links via SMS, emails, or social media messages. Attackers impersonate employees of well-known companies or technical support, convincing users to install an APK file from a fake website. After installation, the Trojan requests Accessibility permissions to activate wireless ADB and take control of the device.

The updated version of RedHook employs advanced masking techniques, including a self-recovery mechanism via two interconnected services. This makes the Trojan nearly impossible to remove using standard methods. Additionally, the malware can keep the device active by creating an invisible pixel on the screen to prevent the system from terminating it.

Initially, attacks were detected in Vietnam, but the threat has now spread to Indonesia and other countries in the region. Experts recommend users avoid installing apps from unofficial sources and carefully review requested permissions. In the future, Google plans to enhance security by disabling access to Developer options for regular users.

Common questions

How does the RedHook Trojan infect devices?
Attackers distribute the malware via phishing links in SMS, emails, or social media. Victims are tricked into installing an APK file from a fake site mimicking the Google Play Store.
What permissions does the Trojan gain on the device?
RedHook requests Accessibility permissions to activate wireless ADB and gain full control over the system. This allows attackers to monitor keystrokes, capture screens, and bypass locks.
How can users protect themselves from the RedHook Trojan?
Only install apps from official stores, avoid suspicious links, and carefully review requested permissions. It is also recommended to disable wireless ADB if not in use.
Share:

Dzen feed: /feed/dzen.xml · RSS: /feed.xml

Why trust this

Prepared by the V-Help editorial team from the primary source with a published date.

Published by: V-Help.ru news desk

Source: Android Authority