VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Rokarolla: Android Trojan Steals PINs, SMS Codes and Crypto Funds

Rokarolla: Android‑троян крадет PIN, SMS‑коды и криптосредства

Colleagues, please note: cybersecurity firm zLabs (Zimperium) has identified a new Android trojan, Rokarolla. It targets 217 banking and crypto apps and is controlled by 137 operator teams.

- Spread via fake websites and droppers masquerading as Play Protect; it requests Accessibility rights and can disable Play Protect.
- Uses HTML overlays and screen‑replacement to intercept logins, PINs and SMS codes; it overwrites the clipboard to intercept crypto payments.
- Reads and forwards SMS, blocks calls, captures screenshots via Accessibility; it also uses multiple fallback C2 domains.

Why it matters: the attack grants near‑complete device control and a high risk of fund theft.

What additional measures do you recommend?

#cybersecurity #Android #mobilesecurity

Latest comments

No comments yet.