A new and highly lethal Android malware targeting smartphones has been recently identified. As per a cybersecurity entity namely Zimperium the malware possesses the ability to obtain smartphone PINs, OTPs, banking credentials as well as siphon funds of cryptocurrency wallets.

The malware is termed ‘Rokarolla’. What makes it highly dangerous is its sophistication. The said malware can cause identity theft, fraudulent transactions as well as major monetary damage.

Major Features of Rokarolla

The trojan is designed to attack 217 banking as well as cryptocurrency apps. The former also has a list of as many as 137 remote malicious commands. As such a cyber-criminal gains a high degree of control over a particular infected smartphone. Rokarolla gathers lock-screen PINs, reads as well as dispatches SMS, make changes to the clipboard to reroute crypto payments. Also, it turns off Google Play Protect to get a free hand for its actions.

Entry Process of the Trojan

The modus operandi is that the trojan is put in malicious websites under the name of reputed apps including TikTok and Chrome. At the onset is the installation of an app disguised as Google Play Protect. As a result, it is able to gain Accessibility access. One of the malware’s commands switches off Google Play Protect.

Rokarolla employs fake lock-screen overlays to capture the users PIN, pattern and/or password. Whenever one of the banking or crypto apps present on the malware’s list is opened, the trojan downloads as well as displays a near identical fake login page over the genuine app. Anything which is typed on the fraudulent page ranging from usernames, passwords and or card numbers is routed to the cybercriminal. The ability to read SMS messages and dispatch fresh ones enable Rokarolla to intercept OTPs as well as two-factor authentication numbers.

What makes this particular malware especially dangerous is it’s ability to record everything typed or present on the screen. Other aspects that enable the trojan to be undetected is it’s ability to hide the associated icon, silence the smartphone, disable Google Play Protect and stop the screen to switching to sleep mode.

How to Stay Safe

To protect yourself from such malware download only apps from official play stores.  Make sure Google Play Protect is never turned off. If a particular app requests accessibility permissions treat it with caution and verify whether the request is legitimate.

FAQs

1. What is Rokarolla malware?
Rokarolla is a sophisticated Android banking trojan that targets smartphones to steal sensitive information such as PINs, passwords, OTPs, banking credentials, and cryptocurrency wallet details.

2. How does Rokarolla infect Android devices?
The malware is distributed through malicious websites where it is disguised as legitimate apps such as TikTok or Chrome. It often installs itself as a fake Google Play Protect application and requests Accessibility permissions to gain extensive control over the device.

3. What information can Rokarolla steal from victims?
Rokarolla can capture lock-screen PINs, passwords, banking usernames, card details, OTPs, SMS messages, and cryptocurrency wallet credentials. It can also record everything typed or displayed on the screen.

4. Why is Rokarolla considered particularly dangerous?
The malware can target 217 banking and cryptocurrency applications, disable Google Play Protect, hide its icon, intercept two-factor authentication codes, and display fake login screens that closely resemble legitimate banking and crypto apps.

5. How can Android users protect themselves from Rokarolla?
Users should download apps only from official app stores, keep Google Play Protect enabled, be cautious when granting Accessibility permissions, regularly update their devices, and avoid installing apps from unknown websites or untrusted sources.

SOURCES:-

https://www.cybersecurity-insiders.com/new-android-malware-targets-pins-otps-and-cryptocurrency-wallet-currency/

https://thehackernews.com/2026/06/new-rokarolla-android-malware-steals.html

https://securityboulevard.com/2026/06/rokarolla-android-malware-can-take-over-your-phone-and-steal-banking-logins/