logo

New Rokarolla Android Trojan Found Targeting 217 Crypto and Banking Apps

ID: 8aea9675-40cd-55a8-b592-109296ecbb98

STIX ID: report--8aea9675-40cd-55a8-b592-109296ecbb98

Feed Name: HackRead

Threat Score
78/100

Date Published: 2026-06-16

Date Updated: 2026-06-16

Author: Deeba Ahmed

...
...

Zimperium's zLabs uncovered Rokarolla, an Android banking trojan that uses malicious download pages and a secondary dropper to install a payload which requests Accessibility privileges, becomes default SMS/call handler, and uses fake overlays and phishing pages to harvest credentials across 217 banking and cryptocurrency apps; it also performs keylogging, Pseudo‑VNC screen surveillance, clipboard hijacking to swap crypto addresses, disables Play Protect and can mute calls to hide fraud, representing a highly invasive mobile threat. Recommendations include avoiding third‑party downloads, denying accessibility requests from untrusted apps, and monitoring unusual device behavior.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.