Security researchers have identified a sophisticated new Android trojan named Rokarolla, which poses a severe threat to users of banking and cryptocurrency applications. According to findings by Zimperium’s zLabs, the malware targets 217 different apps, including popular financial services and crypto wallets, and grants attackers nearly complete control over infected devices.
Extensive Control and Capabilities
Rokarolla is particularly alarming due to its 137 remote commands that allow cybercriminals to perform a wide range of malicious activities. These include stealing lock-screen PINs, reading and sending SMS messages, rewriting clipboard contents, and even accessing device cameras to capture sensitive information. The trojan’s command-and-control infrastructure, which gives it its name, enables attackers to remotely manipulate infected devices with minimal user interaction.
Threat to Financial Security
The malware’s ability to intercept SMS codes—commonly used for two-factor authentication—makes it especially dangerous for financial transactions. By gaining access to these codes, cybercriminals can bypass security layers and potentially drain crypto wallets or bank accounts. Zimperium warns that Rokarolla can also rewrite application data, allowing it to manipulate transactions or redirect funds without the user’s knowledge.
Implications and Response
This discovery underscores the growing sophistication of mobile malware and the urgent need for enhanced security measures. Users are advised to keep their operating systems and apps updated, avoid downloading from untrusted sources, and use third-party security tools to monitor for suspicious behavior. The presence of Rokarolla in the wild highlights the critical importance of vigilance in an increasingly digital world where financial data is at constant risk.



