Rokarolla: Android Banker with Complete Device Takeover Capabilities



 Zimperium Blog:

Executive Summary

The zLabs research team has discovered Rokarolla, a newly identified Android banking trojan named after its Command and Control (C2) infrastructure. Primarily distributed through malicious websites such as hxxps[://]infocontablidades[.]it[.]com/, where it masquerades as popular applications like TikTok or Google Chrome, this highly invasive malware is specifically designed to target and compromise 217 distinct cryptocurrency and banking applications.

To facilitate undetected financial fraud, Rokarolla employs a sophisticated suite of 137 commands that grant it extensive administrative control over an infected device. Its malicious capabilities include harvesting lock screen credentials, exfiltrating sensitive contact lists and SMS data, and utilizing keyloggers to continuously record user input. Furthermore, the trojan actively conceals its operations and disrupts user intervention by blocking incoming calls, deploying fraudulent screen overlays, suppressing device audio, and deactivating Google Play Protect.


 Read more:

 
At least it’s not Rickarolla.
 

You wouldn't get this from any other guy

A Guy
 
