New Android Malware Rokarolla Discovered

Security researchers from Zimperium's zLabs have identified a new Android malware named Rokarolla, which specifically targets 217 banking and cryptocurrency applications. This malware is classified as a banking Trojan and provides attackers with comprehensive control over infected devices. The malware can steal PIN codes for the lock screen, read and send SMS messages, and manipulate the clipboard to redirect cryptocurrency payments. Rokarolla is equipped with 137 remote commands that allow attackers to control nearly all functions of the affected smartphone, including disabling Google Play, which prevents the installation of security updates and other applications.

These extensive features make Rokarolla a serious threat to the security of users who rely on banking and cryptocurrency apps. The malware employs various techniques to spread and remain undetected. It can be delivered through fake apps or phishing attacks targeting users. Once installed, it can embed itself deeply within the system and take control of the device without the user's knowledge. Zimperium researchers warn that the malware is particularly dangerous as it can steal sensitive information required to access bank accounts and cryptocurrency wallets.

Another concerning feature of Rokarolla is its ability to intercept SMS messages. This allows attackers to steal two-factor authentication codes, which are often used by banks and cryptocurrency platforms to ensure additional security. By accessing these codes, attackers can gain unauthorized access to victims' accounts. Security researchers recommend that users exercise caution when downloading apps from unknown sources. Installing applications from official app stores like the Google Play Store can reduce the risk of infection.

Additionally, users should regularly review their permissions and ensure that they only grant access to sensitive data to applications they actually use. The discovery of Rokarolla comes at a time when the use of mobile banking and cryptocurrency apps is increasing worldwide. According to a recent study, over 1.5 billion people are already using mobile banking services. This growing user base makes attacks on such applications particularly attractive to cybercriminals. Zimperium researchers have already taken steps to halt the spread of Rokarolla.

They are working closely with the affected app providers to develop security updates and inform users about the threat. The vulnerability exploited by Rokarolla could lead to an increase in cyberattacks in the coming weeks as the malware spreads further. The Rokarolla malware is an example of the constantly evolving threats in mobile security. Given the increasing complexity of such attacks, it is essential for users to stay informed about the latest security practices and regularly update their devices. Zimperium has already published a detailed analysis of the malware, which is available on their website.

Security researchers advise installing the latest security updates for Android devices to protect against such threats. The Rokarolla malware could become a serious issue for users of banking and cryptocurrency apps in the coming months if appropriate measures are not taken. The Rokarolla malware was first documented by Zimperium's zLabs on June 18, 2026.