Android phone users are being warned about a new threat posed by hackers who are distributing malicious apps containing the dangerous Rokarolla bug. This malware can infiltrate devices, allowing cybercriminals to spy on users, steal sensitive information like banking details, and even create fake lock screens to capture passwords and PIN numbers.
The attack, identified by security experts at Zimperium, takes advantage of Android’s ability to install apps from unofficial sources. Users searching for popular apps like TikTok or Chrome may be directed to fake websites that offer seemingly legitimate software but also secretly include the Rokarolla malware.
Once the fake app is downloaded, users are prompted to grant various permissions, making it easy for cybercriminals to access personal data. According to Zimperium, Rokarolla targets a wide range of financial, cryptocurrency, and social media applications, evading traditional security measures.
To protect against this threat, it is recommended to only download apps from the official Google Play Store and enable Google Play Protect. Sideloading apps from unknown sources increases the risk of malware infections. Google advises that devices with Play Protect activated are shielded from the Rokarolla bug.