New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

A new Android banking trojan named Rokarolla was identified by Zimperium's zLabs security researchers. This malware is designed to target 217 distinct banking and cryptocurrency applications. Rokarolla is equipped with 137 remote commands, granting its operators extensive control over infected devices. The trojan's capabilities include stealing lock-screen PINs, intercepting and sending SMS messages, and manipulating the device's clipboard to redirect cryptocurrency transactions. Additionally, Rokarolla can disable Google Play Protect, a security feature designed to safeguard Android devices. The malware's sophisticated features indicate a significant threat to users of financial and crypto applications on the Android platform. Zimperium has provided detailed technical analysis of Rokarolla's functionalities and its potential impact on user security.