Security researchers at Zimperium have unveiled a new Android banking trojan, dubbed “Rokarolla,” which poses a significant threat to users of over 200 banking and cryptocurrency applications. This sophisticated malware is being disseminated through various channels, including spoofed websites, third-party app stores, and social media platforms. Notably, it has not been detected on the Google Play Store or other official Android repositories, raising concerns about its reach and impact.
How to spot Rokarolla
Upon installation, Rokarolla exhibits typical behaviors associated with banking trojans, such as requesting extensive permissions. Among these, the Accessibility service permissions serve as a common red flag for potential malware. Users should be particularly wary of permissions that grant access to SMS and calls, as well as notifications.
Rokarolla’s capabilities extend beyond mere credential theft; it can:
- Access WhatsApp contacts
- Capture keystrokes
- Record the screen
- Block incoming calls
- Send screenshots
Typically, banking trojans like Rokarolla target specific geographical regions and languages. However, Zimperium has not disclosed which areas may be most vulnerable or the estimated number of potential infections. Users who stick to downloading applications exclusively from official repositories, such as the Google Play Store or Galaxy Store, are advised to be at lower risk of encountering this threat.
