{"id":48090,"date":"2026-07-18T17:35:51","date_gmt":"2026-07-18T17:35:51","guid":{"rendered":"https:\/\/cryptomag.finance\/?p=48090"},"modified":"2026-07-18T17:35:51","modified_gmt":"2026-07-18T17:35:51","slug":"dangerous-new-android-malware-infecting-phones-stealing-banking-credentials-and-other-sensitive-data-report","status":"publish","type":"post","link":"https:\/\/cryptomag.finance\/?p=48090","title":{"rendered":"Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"600\" src=\"https:\/\/dailyhodl.com\/wp-content\/uploads\/2026\/07\/android-target-hack.jpg?resize=1024,600\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"\" \/><\/p>\n<p>Newly discovered malware is secretly hijacking Android phones and stealing banking credentials by turning the device\u2019s own developer tools against users.<\/p>\n<p>The Cybersecurity firm Group-IB <a href=\"https:\/\/www.group-ib.com\/blog\/redhook-android-rat-upgraded\/\" rel=\"noopener\" target=\"_blank\">says<\/a> a dangerous new version of the RedHook malware is now infecting devices, giving hackers powerful remote control to steal sensitive data.<\/p>\n<p>The malware abuses Android\u2019s Wireless Debugging feature. The tool is normally used by developers to gain deep access to infected phones without needing a computer or special permissions.<\/p>\n<p>Attackers are luring victims through phone calls and messages that impersonate banks or government agencies, currently targeting users in Vietnam and Indonesia.<\/p>\n<p>They direct people to fake websites made to look like the Google Play Store and trick them into downloading malicious apps hosted on GitHub and Amazon\u2019s cloud servers.<\/p>\n<p>Once hacked, the malware shows fake screens to get users to grant Accessibility permissions. It then automatically turns on hidden developer settings in the background and connects the phone to itself, giving attackers high-level control.<\/p>\n<p><em>\u201cRedHook abuses ADB Wireless Debugging to obtain shell-level privileges. With this access, attackers can steal passwords, stream the screen, capture lock screen codes, and create fake dialogs to steal banking information.\u201d<\/em><\/p>\n<p>The malware is built to survive removal attempts using several persistence tricks, including a nearly invisible one-pixel screen activity, silent audio playback, and services that automatically restart each other if stopped. It can also restore full access after a phone reboot.<\/p>\n<p>This upgraded technique makes RedHook much harder to detect and remove than typical Android malware.<\/p>\n<p><em><span>Follow us on <a href=\"https:\/\/x.com\/TheDailyHodl\" target=\"_blank\" rel=\"noopener\">X<\/a>, <a href=\"https:\/\/www.facebook.com\/thedailyhodl\/\" target=\"_blank\" rel=\"noopener\">Facebook<\/a> and <a href=\"https:\/\/t.me\/thedailyhodl\" target=\"_blank\" rel=\"noopener\">Telegram<\/a><\/span><\/em><br \/>\n<br \/>\n<em><span>Don&#8217;t Miss a Beat \u2013 <a href=\"https:\/\/dailyhodl.com\/join-the-daily-hodl-email-list\/\" target=\"_blank\" rel=\"noopener\">Subscribe<\/a> to get email alerts delivered directly to your inbox <\/span><\/em><br \/>\n<\/p>\n<div class=\"hideinamp\">\n<div class=\"dianomi_context\" data-dianomi-context-id=\"736\"><\/div>\n<p>&amp;nbsp<\/p>\n<h6>Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any assets including cryptocurrencies, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.<\/h6>\n<\/div>\n<p><span><em>Generated Image: Midjourney<\/em><\/span><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/dailyhodl.com\/2026\/07\/18\/dangerous-new-android-malware-infecting-phones-stealing-banking-credentials-and-other-sensitive-data-report\/\">Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/dailyhodl.com\/\">The Daily Hodl<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Newly discovered malware is secretly hijacking Android phones and stealing banking credentials by turning the device\u2019s own developer tools against users. The Cybersecurity firm Group-IB says a dangerous new version of the RedHook malware is now infecting devices, giving hackers powerful remote control to steal sensitive data. The malware abuses Android\u2019s Wireless Debugging feature. The [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":48091,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"footnotes":""},"categories":[],"tags":[],"class_list":["post-48090","post","type-post","status-publish","format-standard","has-post-thumbnail"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report - Cryptomag<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cryptomag.finance\/?p=48090\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report - Cryptomag\" \/>\n<meta property=\"og:description\" content=\"Newly discovered malware is secretly hijacking Android phones and stealing banking credentials by turning the device\u2019s own developer tools against users. The Cybersecurity firm Group-IB says a dangerous new version of the RedHook malware is now infecting devices, giving hackers powerful remote control to steal sensitive data. The malware abuses Android\u2019s Wireless Debugging feature. The [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cryptomag.finance\/?p=48090\" \/>\n<meta property=\"og:site_name\" content=\"Cryptomag\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-18T17:35:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/dailyhodl.com\/wp-content\/uploads\/2026\/07\/android-target-hack.jpg?resize=1024,600\" \/>\n<meta name=\"author\" content=\"Crypto Magazine\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cryptomagz\" \/>\n<meta name=\"twitter:site\" content=\"@cryptomagz\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Crypto Magazine\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090\"},\"author\":{\"name\":\"Crypto Magazine\",\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/#\\\/schema\\\/person\\\/f749cd846c4f13ef717c12a20ce9d040\"},\"headline\":\"Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report\",\"datePublished\":\"2026-07-18T17:35:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090\"},\"wordCount\":396,\"image\":{\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cryptomag.finance\\\/wp-content\\\/uploads\\\/android-target-hack-6LQTvg.jpg\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090\",\"url\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090\",\"name\":\"Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report - Cryptomag\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cryptomag.finance\\\/wp-content\\\/uploads\\\/android-target-hack-6LQTvg.jpg\",\"datePublished\":\"2026-07-18T17:35:51+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/#\\\/schema\\\/person\\\/f749cd846c4f13ef717c12a20ce9d040\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cryptomag.finance\\\/?p=48090\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090#primaryimage\",\"url\":\"https:\\\/\\\/cryptomag.finance\\\/wp-content\\\/uploads\\\/android-target-hack-6LQTvg.jpg\",\"contentUrl\":\"https:\\\/\\\/cryptomag.finance\\\/wp-content\\\/uploads\\\/android-target-hack-6LQTvg.jpg\",\"width\":1024,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/?p=48090#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cryptomag.finance\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/#website\",\"url\":\"https:\\\/\\\/cryptomag.finance\\\/\",\"name\":\"Cryptomag\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cryptomag.finance\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cryptomag.finance\\\/#\\\/schema\\\/person\\\/f749cd846c4f13ef717c12a20ce9d040\",\"name\":\"Crypto Magazine\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c24e7a3322cdb9140c7dde381c870ae2c527e0dc5af67ed7a7db042bb2e1d14?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c24e7a3322cdb9140c7dde381c870ae2c527e0dc5af67ed7a7db042bb2e1d14?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2c24e7a3322cdb9140c7dde381c870ae2c527e0dc5af67ed7a7db042bb2e1d14?s=96&d=mm&r=g\",\"caption\":\"Crypto Magazine\"},\"sameAs\":[\"https:\\\/\\\/cryptomag.finance\",\"https:\\\/\\\/x.com\\\/cryptomagz\"],\"url\":\"https:\\\/\\\/cryptomag.finance\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report - Cryptomag","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptomag.finance\/?p=48090","og_locale":"en_US","og_type":"article","og_title":"Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report - Cryptomag","og_description":"Newly discovered malware is secretly hijacking Android phones and stealing banking credentials by turning the device\u2019s own developer tools against users. The Cybersecurity firm Group-IB says a dangerous new version of the RedHook malware is now infecting devices, giving hackers powerful remote control to steal sensitive data. The malware abuses Android\u2019s Wireless Debugging feature. The [&hellip;]","og_url":"https:\/\/cryptomag.finance\/?p=48090","og_site_name":"Cryptomag","article_published_time":"2026-07-18T17:35:51+00:00","og_image":[{"url":"https:\/\/dailyhodl.com\/wp-content\/uploads\/2026\/07\/android-target-hack.jpg?resize=1024,600","type":"","width":"","height":""}],"author":"Crypto Magazine","twitter_card":"summary_large_image","twitter_creator":"@cryptomagz","twitter_site":"@cryptomagz","twitter_misc":{"Written by":"Crypto Magazine","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cryptomag.finance\/?p=48090#article","isPartOf":{"@id":"https:\/\/cryptomag.finance\/?p=48090"},"author":{"name":"Crypto Magazine","@id":"https:\/\/cryptomag.finance\/#\/schema\/person\/f749cd846c4f13ef717c12a20ce9d040"},"headline":"Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report","datePublished":"2026-07-18T17:35:51+00:00","mainEntityOfPage":{"@id":"https:\/\/cryptomag.finance\/?p=48090"},"wordCount":396,"image":{"@id":"https:\/\/cryptomag.finance\/?p=48090#primaryimage"},"thumbnailUrl":"https:\/\/cryptomag.finance\/wp-content\/uploads\/android-target-hack-6LQTvg.jpg","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cryptomag.finance\/?p=48090","url":"https:\/\/cryptomag.finance\/?p=48090","name":"Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report - Cryptomag","isPartOf":{"@id":"https:\/\/cryptomag.finance\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cryptomag.finance\/?p=48090#primaryimage"},"image":{"@id":"https:\/\/cryptomag.finance\/?p=48090#primaryimage"},"thumbnailUrl":"https:\/\/cryptomag.finance\/wp-content\/uploads\/android-target-hack-6LQTvg.jpg","datePublished":"2026-07-18T17:35:51+00:00","author":{"@id":"https:\/\/cryptomag.finance\/#\/schema\/person\/f749cd846c4f13ef717c12a20ce9d040"},"breadcrumb":{"@id":"https:\/\/cryptomag.finance\/?p=48090#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptomag.finance\/?p=48090"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptomag.finance\/?p=48090#primaryimage","url":"https:\/\/cryptomag.finance\/wp-content\/uploads\/android-target-hack-6LQTvg.jpg","contentUrl":"https:\/\/cryptomag.finance\/wp-content\/uploads\/android-target-hack-6LQTvg.jpg","width":1024,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/cryptomag.finance\/?p=48090#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptomag.finance\/"},{"@type":"ListItem","position":2,"name":"Dangerous New Android Malware Infecting Phones, Stealing Banking Credentials and Other Sensitive Data: Report"}]},{"@type":"WebSite","@id":"https:\/\/cryptomag.finance\/#website","url":"https:\/\/cryptomag.finance\/","name":"Cryptomag","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cryptomag.finance\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cryptomag.finance\/#\/schema\/person\/f749cd846c4f13ef717c12a20ce9d040","name":"Crypto Magazine","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2c24e7a3322cdb9140c7dde381c870ae2c527e0dc5af67ed7a7db042bb2e1d14?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2c24e7a3322cdb9140c7dde381c870ae2c527e0dc5af67ed7a7db042bb2e1d14?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2c24e7a3322cdb9140c7dde381c870ae2c527e0dc5af67ed7a7db042bb2e1d14?s=96&d=mm&r=g","caption":"Crypto Magazine"},"sameAs":["https:\/\/cryptomag.finance","https:\/\/x.com\/cryptomagz"],"url":"https:\/\/cryptomag.finance\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/posts\/48090","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=48090"}],"version-history":[{"count":0,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/posts\/48090\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=\/wp\/v2\/media\/48091"}],"wp:attachment":[{"href":"https:\/\/cryptomag.finance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=48090"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=48090"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptomag.finance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=48090"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}