
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

Zimperium's zLabs researchers have identified a new Android banking trojan named Rokarolla designed to target 217 banking and cryptocurrency applications. The malware supports 137 remote commands that give attackers near-total control over infected devices, including capturing PINs, intercepting SMS messages, and manipulating cryptocurrency transactions.

What happened

Security experts at Zimperium's zLabs have documented Rokarolla, a sophisticated new Android banking trojan. This malware specifically targets 217 banking and cryptocurrency apps, allowing threat actors to perform a broad spectrum of malicious activities remotely. Rokarolla's command set comprises 137 functions, enabling comprehensive manipulation of the victim's mobile device operations.

Why it matters

Rokarolla represents a significant threat to Android users involved with financial and cryptocurrency services due to its extensive capabilities. By extracting lock-screen PINs, intercepting SMS messages, and altering clipboard content for crypto payments, it compromises both user authentication and financial transactions. Moreover, the ability to disable Google Play services could impede users from receiving security updates or accessing legitimate apps.

What security teams should do

Security teams should be aware of Rokarolla's multifaceted attack methods and monitor for unusual device behaviors, such as the disabling of Google Play or unexpected clipboard changes. Organizations should educate users to avoid installing apps from untrusted sources and apply mobile security solutions capable of detecting sophisticated banking trojans. Regular reviews of authentication and transaction methods for potential compromises are also advisable.
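
One way to check a managed device for two of the signs mentioned above: a disabled Google Play component and apps installed from outside the Play Store. This is an added example, not code from Zimperium or the original article; the sample command output is constructed, and the trusted-installer allow-list is an assumption to adapt.

```python
import re

# Real Android package names for the Play Store and Google Play services.
PLAY_PACKAGES = {"com.android.vending", "com.google.android.gms"}
# Installers treated as trusted here; this allow-list is an assumption.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<inst>\S+))?\s*$")


def parse_packages(output):
    """Parse `pm list packages` output into {package: installer-or-None}."""
    result = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            inst = m.group("inst")
            # pm prints "installer=null" when no installer is recorded.
            result[m.group("pkg")] = None if inst in (None, "null") else inst
    return result


def triage(disabled_output, third_party_output):
    """Return findings for one device from two captured command outputs."""
    disabled = parse_packages(disabled_output)
    third_party = parse_packages(third_party_output)
    return {
        "play_disabled": sorted(PLAY_PACKAGES & disabled.keys()),
        "untrusted_installs": sorted(
            pkg for pkg, inst in third_party.items()
            if inst not in TRUSTED_INSTALLERS
        ),
    }


# Constructed sample output (not from a real device or from the report):
#   adb shell pm list packages -d      -> disabled packages
#   adb shell pm list packages -3 -i   -> third-party packages with installer
SAMPLE_DISABLED = """package:com.google.android.gms
package:com.example.bloatware
"""
SAMPLE_THIRD_PARTY = """package:com.example.bank  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.wallet  installer=com.example.browser
"""

if __name__ == "__main__":
    print(triage(SAMPLE_DISABLED, SAMPLE_THIRD_PARTY))
```

A finding from this check is a prompt for investigation, not proof of infection: some devices ship without Google Play, and enterprise app stores are legitimate installers that belong in the allow-list.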

Key technical details

Rokarolla operates by executing 137 distinct remote commands that grant attackers near-total control over infected Android devices. Key capabilities include capturing lock-screen PINs, intercepting and transmitting SMS messages, rewriting clipboard data to redirect cryptocurrency transactions, and disabling Google Play services to potentially block security updates. The malware targets 217 banking and cryptocurrency applications.

Affected organizations/products

The malware targets 217 banking and cryptocurrency applications on Android devices, affecting users who manage financial and crypto assets via mobile apps.

Source attribution

https://thehackernews.com/2026/06/new-rokarolla-android-malware-steals.html

Written by Thirumala Rao Padilam