Security experts are warning Android phone users about a new threat from hackers attempting to deceive consumers into downloading popular apps contaminated with the dangerous Rokarolla bug. This malware can spy on devices, steal sensitive information like banking details, and create fake lock screens to capture passwords and PIN numbers.
The exploit was first identified by the Zimperium team and takes advantage of Android’s capability to sideload apps onto devices, a feature distinguishing it from Apple’s iOS. Users searching for apps such as TikTok or Chrome may be led to malicious websites offering fake versions of these apps bundled with Rokarolla.
Once installed, these fake apps request extensive permissions, making it easy for users to unknowingly grant access to sensitive information. Cybercriminals can then exploit this access to steal data from a wide range of financial, cryptocurrency, and social media applications.
To protect against such threats, users are advised to download apps exclusively from the official Google Play Store and enable Google Play Protect. Sideloading apps poses inherent risks, and activating Google Play Protect can enhance device security against vulnerabilities like Rokarolla.