MEDIUMMalware
Global

Rokarolla Android Banking Trojan Enables Device Takeover

·Source: Bank Info Security

Updated:

Executive Summary

Malware Targets Banks, Crypto Platforms and Social Media Newly surfaced Android-based banking Trojan gives threat actors near-total control over infected devices, letting them steal user credentials for direct access

Analysis

Malware Targets Banks, Crypto Platforms and Social Media Newly surfaced Android-based banking Trojan gives threat actors near-total control over infected devices, letting them steal user credentials for direct access to financial accounts, says researchers. Rokarolla tricks users into side-loading malicious versions of popular, high traffic apps.

Indicators of Compromise (2)

URL (1)
https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/rokarolla-android-banking-trojan-enables-device-takeover-image_small-4-a-31996.jpg
VirusTotalURLhaus
Domain (1)
ismg-cdn.nyc3.cdn.digitaloceanspaces.com
VirusTotalURLhaus
Source Attribution

Originally published by Bank Info Security on Jun 17, 2026.

Related Threats

MEDIUMMalware

Fileless Phantom Stealer Targets Browser Credentials

In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to frustrate detection.

Dark Reading
MEDIUMMalware

New Rokarolla Android malware targets 217 banking, crypto apps

A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. [...]

BleepingComputer
MEDIUMMalware

Steam Workshop abused to spread malware via Wallpaper Engine app

Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. [...]

BleepingComputer