Rokarolla: Android Trojan Steals PINs, SMS Codes and Crypto Funds

Colleagues, please note: cybersecurity firm zLabs (Zimperium) has identified a new Android trojan, Rokarolla. It targets 217 banking and crypto apps and is controlled by 137 operator teams.
- Spread via fake websites and droppers masquerading as Play Protect; it requests Accessibility rights and can disable Play Protect.
- Uses HTML overlays and screen‑replacement to intercept logins, PINs and SMS codes; it overwrites the clipboard to intercept crypto payments.
- Reads and forwards SMS, blocks calls, captures screenshots via Accessibility; it also uses multiple fallback C2 domains.
Why it matters: the attack grants near‑complete device control and a high risk of fund theft.
What additional measures do you recommend?
#cybersecurity #Android #mobilesecurity


Latest comments
No comments yet.