Rokarolla Android malware can take over your phone and steal banking logins
ID: b4ca57ef-c4c3-54f7-b713-70754e2b9889
STIX ID: report--b4ca57ef-c4c3-54f7-b713-70754e2b9889
Feed Name: Malwarebytes Blog
Rokarolla is a newly analyzed Android banking Trojan that targets over 200 banking and crypto apps by deploying fake overlay login pages, abusing Accessibility permissions to read/send SMS and monitor apps (to intercept OTPs and 2FA), replacing clipboard wallet addresses, and using stealth capabilities (hide icon, disable Play Protect). It spreads via rogue sites pushing sideloaded fake apps that impersonate system components and request powerful permissions; users are advised to avoid sideloading, deny unnecessary Accessibility/SMS/call permissions, and use up-to-date mobile security.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
