Security experts are warning Android phone users about a new threat from hackers attempting to deceive consumers into downloading popular apps containing the dangerous Rokarolla bug. This malware can spy on devices, steal sensitive data like banking information, and even create fake lock screens to capture security credentials.
The Rokarolla infection is spread through a campaign that exploits Android’s ability to sideload apps onto devices, a feature unique to the Android operating system compared to Apple’s iOS. Users searching for apps like TikTok or Chrome may be redirected to fake websites offering seemingly legitimate software, which, when downloaded, secretly installs Rokarolla.
Once installed, these malicious apps request various permissions, such as accessing notifications, appearing authentic to users who unknowingly grant access. This enables cybercriminals to begin stealing data from the compromised device.
According to Zimperium, the creators of Rokarolla, the malware targets a wide range of financial, cryptocurrency, and social media applications, employing advanced tactics to evade traditional mobile security measures.
To protect against this threat, users are advised to download apps only from the official Google Play Store and ensure that Google Play Protect is enabled on their devices. Sideloading apps from unofficial sources poses significant risks, making it crucial to exercise caution when downloading software from outside the Play Store.