Rokarolla Android Trojan Levels Up to Full Device Control, Persistence
ID: fdcb4ea4-a009-5716-9fbe-47a05b128c15
STIX ID: report--fdcb4ea4-a009-5716-9fbe-47a05b128c15
Feed Name: Dark Reading
Rokarolla is an Android banking Trojan identified by Zimperium zLabs that targets 217 apps and pairs traditional credential theft with an advanced 137-command remote-control and surveillance suite. Distributed via malicious websites masquerading as legitimate apps, it uses Accessibility Service abuse, fraudulent lock-screen overlays, SMS/call interception, audio suppression, Play Protect deactivation, hidden app icons, and resilient HTTPS C2 infrastructure to isolate victims and persist on devices; Zimperium published IoCs and MITRE mappings and recommends blocking sideloading and deploying mobile threat defenses.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
