comscore

New Android malware can secretly take over your phone, steal banking details: What you need to know

Cybersecurity researchers have warned about RedHook, a new Android malware that can gain deep access to smartphones, steal sensitive data and become difficult to remove.

Published By: Shubham Arora | Published: Jul 14, 2026, 09:29 PM (IST)

  • whatsapp
  • twitter
  • facebook
  • whatsapp
  • twitter
  • facebook

A new version of an Android malware called RedHook has caught the attention of cybersecurity researchers after it was found using a different approach to gain deep access to infected phones. According to a report by cybersecurity firm Group-IB, the malware can secretly take control of an Android device and access sensitive information, including banking details, SMS messages and passwords.  news Also Read: Google just started selling Samsung Galaxy Watch 8, and nobody saw it coming

Unlike many Android threats that rely only on stealing login credentials, RedHook is designed to take over large parts of the device. Researchers say the latest version has also become much harder to remove once it gets installed.  news Also Read: Google Gemini teams up with Sony's Kaun Banega Crorepati for AI-powered audience engagement

How the malware reaches Android phones 

The attack usually starts with a fake message, email, phone call, or social media link. Attackers often pretend to be customer support executives or representatives of trusted organisations to convince users to download an app.  news Also Read: Google adds AI labels to ads across Search, YouTube and Discover

Instead of directing victims to the Google Play Store, they are taken to a fake website that looks genuine and asked to install an APK file. Once the app is installed, users are prompted to grant Accessibility permissions, claiming they are required for the app to work properly. 

According to Group-IB, that is where the malware begins taking control of the device. It silently enables Wireless Android Debug Bridge (ADB), a feature developers usually use for app testing. This gives RedHook access to parts of the phone that ordinary apps cannot reach, all without requiring a USB connection or root access. 

What RedHook can do 

Once active, RedHook can monitor almost everything happening on the phone. Researchers say it can record the screen, capture keystrokes, read SMS messages, access contacts, stream the display in real time, lock or unlock the phone remotely, and even use the front camera to take pictures. 

The report also says RedHook uses code from Shizuku, an open-source framework that helps apps get higher-level permissions without rooting the device. That makes it easier for the malware to run a privileged ADB shell directly on the phone and carry out more actions in the background. 

Another concern is that the malware has been designed to stay active for as long as possible. It can keep the processor awake, play silent audio in the background, launch an almost invisible 1×1 pixel window to stop Android from closing it, and automatically restart after the phone reboots. 

Group-IB also found that the latest version uses a “cross-process resurrection” mechanism. In simple terms, it runs two background services that keep restarting each other if one is stopped, making the malware much harder to remove. 

Who is being targeted and how to stay safe 

Researchers say RedHook was first seen targeting users in Vietnam before expanding to Indonesia. However, there is always a possibility that similar attacks could spread to other regions if cybercriminals start using the same malware. 

To stay on the safer side, don’t install APK files from links shared over SMS, WhatsApp, Telegram, or email just because they look genuine. If an app is available on the Google Play Store, download it from there instead. Also be careful when an app suddenly asks for Accessibility permissions. Unless you know exactly why it needs that access, it is better not to allow it. 

Add Techlusive as a Preferred SourceAddTechlusiveasaPreferredSource

Google is also reportedly working on new Android protections that are expected to make it harder for malware to misuse Developer Options.