Zimperium Blog:
Executive Summary
The zLabs research team has discovered Rokarolla, a newly identified Android banking trojan named after its Command and Control (C2) infrastructure. Primarily distributed through malicious websites such as hxxps[://]infocontablidades[.]it[.]com/, where it masquerades as popular applications like TikTok or Google Chrome, this highly invasive malware is specifically designed to target and compromise 217 distinct cryptocurrency and banking applications. To facilitate undetected financial fraud, Rokarolla employs a sophisticated suite of 137 commands that grant it extensive administrative control over an infected device. Its malicious capabilities include harvesting lock screen credentials, exfiltrating sensitive contact lists and SMS data, and utilizing keyloggers to continuously record user input. Furthermore, the trojan actively conceals its operations and disrupts user intervention by blocking incoming calls, deploying fraudulent screen overlays, suppressing device audio, and deactivating Google Play Protect.
Read more:
Rokarolla : Android Banker with Complete Device Takeover Capabilities
Zimperium zLabs researchers uncover Rokarolla, a sophisticated Android banking trojan targeting 217 banking and cryptocurrency apps with credential theft, screen overlays, SMS interception, and complete device takeover capabilities.