Android users must check their devices immediately following a new warning from cybersecurity experts. Researchers at Zimperium have uncovered a worrying campaign where hackers trick users into installing popular apps infected with a dangerous malware called Rokarolla.
What is Rokarolla?
Once installed, Rokarolla has nasty side effects, including monitoring device activity and stealing sensitive information such as banking credentials. It can display a fake lock screen over the genuine one, allowing attackers to capture PINs, passwords, and security patterns.
How the Attack Works
According to experts, the attacks take advantage of Android's ability to sideload apps — installing software from outside the official app store. While sideloading offers flexibility, it carries significant security risks. Users searching for popular apps like TikTok or Chrome may be redirected to fraudulent websites that appear legitimate. These sites offer counterfeit versions of well-known apps, which secretly install Rokarolla in the background.
Sideloading involves installing an app package file (APK) directly from a website, file transfer, or another device. It can be useful for accessing region-restricted apps or testing older versions, but it risks malware, fake apps, and privacy issues. Users should only sideload from trusted sources and check permissions before installation.
Permissions and Data Theft
Malicious apps typically request extensive permissions, including access to notifications and other sensitive device functions. Because the apps closely resemble legitimate software, many users grant these permissions without hesitation. Once access is granted, attackers can collect personal data and compromise accounts.
"Rokarolla targets an expansive ecosystem of over 200 financial, cryptocurrency, and social media applications," Zimperium said. "By employing sophisticated evasion tactics, these threats are specifically engineered to circumvent legacy, signature-based mobile security solutions."
Protection Tips
To reduce the risk of infection, users should only download apps from the official Google Play Store and avoid sideloading software from unknown sources. Security experts also recommend enabling Google Play Protect, which can help detect and block threats such as Rokarolla.
