Rokarolla Android malware can take over your phone and steal banking logins

Malwarebytes Labs, 17/06/2026, 15:34

Summary

AI-Generated

Key Points:

  • Rokarolla is a newly identified Android banking Trojan capable of taking over devices and stealing login credentials from over 200 banking and crypto applications.
  • The malware employs fake lock-screen overlays to capture sensitive information and abuses Android’s Accessibility features to monitor user activity, intercept OTPs, and manipulate SMS messages.
  • Users are advised to avoid sideloading apps, deny unnecessary permissions, and scrutinize login screens for anomalies.

Technical Details: Rokarolla spreads through rogue websites that masquerade as legitimate apps such as TikTok or Chrome. It requests extensive permissions, including Accessibility access, to carry out its malicious activities.

MITRE ATT&CK Techniques:

  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1056.001 - Input Capture: Keylogging (Credential Access)
  • T1213 - Data from Information Repositories (Credential Access)
  • T1069 - Permission Groups Discovery (Discovery)

IOCs Mentioned: None mentioned
