New Android Malware Targets Banking and Crypto Apps

Security researchers at Zimperium discovered a new malicious app for Android phones called Rokarolla. This banking trojan targets 217 different banking and cryptocurrency apps. Once installed, it can steal your lock screen PIN, read and send text messages, change copied information to redirect cryptocurrency payments, and turn off Google Play security features. The software gives criminals almost complete control of an infected phone. This affects anyone who uses an Android phone for banking or cryptocurrency apps. The malware is designed to steal money directly from your accounts. It intercepts the security codes sent by text message that banks use to verify your identity. It also watches what you copy and paste, replacing legitimate cryptocurrency wallet addresses with addresses controlled by thieves.

If you have an Android phone, take these steps immediately:

1. Only download apps from the official Google Play Store, never from websites or links in text messages.
2. Check your installed apps right now. Delete anything you do not recognize or did not intentionally download.
3. Review your bank and credit card statements for unauthorized transactions.
4. Keep Google Play Protect turned on. Go to Settings, then Google, then Security to verify it is active.
5. Do not click links in unexpected text messages, even if they appear to come from your bank. Going forward, treat your phone like you treat your wallet. Enable biometric security like fingerprint or face unlock in addition to your PIN. Set up account alerts so your bank texts you immediately when money moves. Consider using a password manager instead of copying and pasting sensitive information. These habits make it much harder for malware to succeed even if it gets on your device.