Security experts have issued a warning to Android phone users about a new threat from hackers. These cybercriminals are distributing popular applications infected with the dangerous Rokarolla bug, which can compromise devices by spying on them and stealing sensitive information like banking credentials.
One alarming capability of Rokarolla is its ability to create a fake lock screen that mimics the device’s actual lock screen to capture PIN numbers, security patterns, and passwords.
The infection by Rokarolla occurs through a campaign that exploits Android’s feature allowing the installation of apps from sources other than the official Google Play Store. This feature, unique to Android compared to Apple’s iOS, opens the door to users being redirected to malicious websites posing as legitimate app sources when searching for apps like TikTok or Chrome.
Users who fall for this trick end up downloading a fake version of the desired application bundled with the Rokarolla malware. These malicious apps request excessive permissions, such as access to notifications, which users often grant without suspicion due to the appearance of legitimacy.
Once the malware gains access, cybercriminals can exploit the compromised device to steal data from over 200 financial, cryptocurrency, and social media applications, as explained by Zimperium, the security team that first identified this threat.
To protect against such attacks, it is strongly advised to only download apps from the official Google Play Store and enable Google Play Protect, a service that Google claims can safeguard devices from the Rokarolla bug. While sideloading apps may seem convenient, it carries inherent risks that users should be cautious of to avoid falling victim to malware attacks.