Security experts are warning Android phone users about a resurgence of hackers trying to deceive them into installing fake versions of popular apps that carry the dangerous Rokarolla malware. This malware can compromise devices, allowing unauthorized access to sensitive data like banking information. One of its alarming features is the ability to create a fake lock screen to capture PINs and passwords.
The latest scheme, identified by Zimperium, exploits Android’s capability to sideload apps onto devices, a feature unique to the Android operating system. Users searching for apps like TikTok or Chrome may unknowingly end up on rogue websites offering fake versions of these apps bundled with Rokarolla.
Once installed, these fake apps request various permissions, potentially tricking users into granting access to personal data. Cybercriminals then use this access to steal information from a wide range of apps, including finance, cryptocurrency, and social media platforms.
To protect against such threats, experts advise users to download apps exclusively from the official Google Play Store. Sideloading apps poses inherent risks, and enabling Google Play Protect can provide an additional layer of security against malware like Rokarolla.



