Zimperiumβs zLabs has identified Rokarolla, a new Android banking trojan that targets 217 banking and cryptocurrency apps and uses 137 commands to gain deep control over infected devices. It spreads through fake apps like TikTok and Chrome, abuses Accessibility and HTML overlays, and can steal credentials, SMS codes, lock-screen PINs, and crypto payments while disabling Google Play Protect. #Rokarolla #Zimperium #GooglePlayProtect #TikTok #Chrome #imagin #Klopatra #HOOK
Keypoints
- Rokarolla targets 217 banking and crypto apps with 137 remote commands.
- The trojan uses fake app droppers and Accessibility abuse to infect devices.
- It steals logins through HTML overlays and can capture lock-screen PINs and passwords.
- Rokarolla reads, sends, and blocks SMS to intercept one-time banking codes.
- It rewrites the clipboard, takes screenshots quietly, and can disable Google Play Protect.
Read More: https://thehackernews.com/2026/06/new-rokarolla-android-malware-steals.html