Rokarolla Android Malware Targets 217 Banking and Crypto Apps, Steals PINs and Credentials
Summary
Rokarolla is a new Android malware that targets 217 banking and cryptocurrency apps with 137 remote commands. It steals lock-screen PINs, reads and sends SMS messages, rewrites clipboard data to redirect crypto payments, and disables Google Play Protect. The malware spreads through malicious websites posing as popular apps like TikTok and Chrome, using a dropper disguised as Google Play Protect to install the payload and request Accessibility access. It uses overlay attacks to display fake HTML login pages to capture credentials and card details, and can also overlay the lock screen to capture PINs.
Key quotes
Rokarolla targets 217 banking and cryptocurrency apps and includes 137 remote commands.
It lifts lock-screen PINs, reads and sends SMS, rewrites the clipboard to redirect crypto payments, and disables Google Play Protect.
It uses overlays to display fake HTML login pages and captures typed credentials, including card details, while also overlaying the lock screen to capture PINs.