logo

Rokarolla Android Trojan Levels Up to Full Device Control, Persistence

ID: fdcb4ea4-a009-5716-9fbe-47a05b128c15

STIX ID: report--fdcb4ea4-a009-5716-9fbe-47a05b128c15

Feed Name: Dark Reading

Threat Score
78/100

Date Published: 2026-06-16

Date Updated: 2026-06-17

Author: Elizabeth Montalbano

...
...

Rokarolla is an Android banking Trojan identified by Zimperium zLabs that targets 217 apps and pairs traditional credential theft with an advanced 137-command remote-control and surveillance suite. Distributed via malicious websites masquerading as legitimate apps, it uses Accessibility Service abuse, fraudulent lock-screen overlays, SMS/call interception, audio suppression, Play Protect deactivation, hidden app icons, and resilient HTTPS C2 infrastructure to isolate victims and persist on devices; Zimperium published IoCs and MITRE mappings and recommends blocking sideloading and deploying mobile threat defenses.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.