Rokarolla Android trojan isolates victims from banks
🔒 Researchers have detailed Rokarolla, an Android banking trojan that not only steals credentials but effectively seizes control of phones to isolate victims from banks. The malware spreads via fake sites posing as TikTok or Chrome and uses a dropper impersonating Google Play Protect to install a second-stage payload. Rokarolla abuses Android Accessibility Services, makes itself the default call and SMS handler, hides its icon, mutes alerts and captures screenshots and overlays fake login screens to harvest bank and crypto credentials.
