Links submitted by the Threat Radar community and AI curated for defenders.

Community Curated

NCSC UK

GCP Compute Engine Security

GCP Kubernetes Security

AWS Security Bulletins

CERT/CC

Tenable Research

Google Project Zero

Microsoft Security Blog

Cisco Talos

Zero Day Initiative

Palo Alto Unit 42

Krebs on Security

Kaspersky Security Blog

Check Point Research

CVE Database V5

AlienVault OTX General

Bleeping Computer

SANS ISC Handlers Diary

SecurityWeek

Threatpost

Exploit-DB RSS Feed

Reddit ExploitDev

Reddit ThreatIntel

Reddit BlueTeam

Reddit Reverse Engineering

Reddit Malware

Reddit Cybersecurity

Reddit NetSec

ThreatFox MISP Feed

CIRCL OSINT Feed

GCVE Database

Reddit InfoSec News

The Hacker News

Dark Reading

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

JVN Japan

Rokarolla is an Android banking trojan distributed via malicious websites posing as popular apps like TikTok or Google Chrome. It targets 217 cryptocurrency and banking apps with 137 commands to control infected devices. The malware harvests lock screen credentials, contact lists, SMS data, and uses keyloggers and fraudulent overlays to steal banking information. It disables Google Play Protect, hijacks SMS and calls, manipulates clipboard content for cryptocurrency theft, and performs screen surveillance. Rokarolla maintains persistence by hiding its icon, muting audio, and keeping the screen active indefinitely.

Rokarolla is a sophisticated Android banking trojan that achieves full device takeover through a dropper impersonating Google Play Protect, which installs a secondary payload. It targets a wide range of cryptocurrency and banking applications using numerous commands to control the device. Its capabilities include stealing lock screen credentials, exfiltrating contacts and SMS, deploying keyloggers, blocking calls, creating overlay attacks to capture banking credentials and unlock patterns, disabling Google Play Protect, hijacking SMS and calls, manipulating clipboard data to steal cryptocurrency, and conducting snapshot-based screen surveillance. The malware ensures persistence by hiding its icon, muting device audio, and preventing the device from sleeping. Communication with its command and control infrastructure occurs over HTTPS.

Detailed information about Android Banker with Complete Device Takeover Capabilities. Get real-time updates, technical details, and mitigation strategies.

Android Banker with Complete Device Takeover Capabilities - Live Threat Intelligence - Threat Radar | OffSeq.com

Android Banker with Complete Device Takeover Capabilities

Threats Tagged 'rokarolla'

Stop chasing alerts. Route them.

Check if your credentials are on the dark web

Filter Threats

Threats Tagged 'rokarolla'

Lead Pen Test Professional

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility