Rokarolla Malware Targets 217 Banking Apps, Steals PINs and Passwords

A new Android banking trojan called Rokarolla is targeting 217 banking and cryptocurrency applications while giving attackers broad control over infected devices, according to mobile cybersecurity firm Zimperium. The malware is designed to compromise financial and crypto applications by using fake screens that appear on top of legitimate apps to steal device unlock credentials and banking information. Rokarolla represents an escalating threat to mobile banking security as cybercriminals increasingly target financial applications with sophisticated overlay attacks.

Rokarolla Distributes Through Fake TikTok and Chrome Apps

According to Zimperium, Rokarolla is distributed through malicious websites that disguise it as popular applications such as TikTok and Google Chrome. The disguise is meant to trick users into downloading and installing the trojan on their Android devices.

Malware Steals Credentials Using Fake Overlay Screens

The malware can steal device unlock credentials, including PINs, patterns and passwords, by displaying a fake Android lock screen. Information entered into the fake screen is then sent to attacker-controlled infrastructure, according to Zimperium. Rokarolla can also steal banking and cryptocurrency credentials when victims open targeted financial apps. Once the malware identifies a targeted app, it can display a fake login page to capture credentials or credit card information.

Rokarolla Contains 137 Commands for Device Control

Zimperium says the malware contains 137 commands that allow attackers to control infected devices, collect SMS messages, steal contact lists, record user input and monitor what appears on the screen. Rokarolla can also block incoming calls, mute device audio and disable Google Play Protect, according to the report. The cybersecurity firm says the malware can intercept SMS messages, send texts on behalf of victims and prevent users from receiving fraud alerts from banks.

Malware Targets 217 Banking and Cryptocurrency Applications

Zimperium says Rokarolla targets more than 200 financial, cryptocurrency and social media applications, including 217 distinct cryptocurrency and banking apps. The firm says the malware's features are designed to facilitate financial fraud and prevent victims from interrupting malicious activity on infected devices.

FAQ

What is Rokarolla and how many apps does it target?

Rokarolla is a new Android banking trojan that targets 217 banking and cryptocurrency applications. The malware is distributed through malicious websites disguised as popular apps like TikTok and Google Chrome, and uses fake overlay screens to steal credentials from infected devices.

How does Rokarolla steal user credentials?

Rokarolla steals credentials by displaying fake screens that appear on top of legitimate apps. The malware can show a fake Android lock screen to capture PINs, patterns and passwords, and can display fake login pages when victims open targeted banking or cryptocurrency apps to capture login credentials or credit card information.

What control capabilities does Rokarolla have over infected devices?

Rokarolla contains 137 commands that allow attackers to control infected devices, collect SMS messages, steal contact lists, record user input, monitor screen activity, block incoming calls, mute device audio, disable Google Play Protect, intercept SMS messages, send texts on behalf of victims, and prevent users from receiving fraud alerts from banks.
