The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Beyond Banking Trojans: Rokarolla Expands the Android Fraud Playbook

Jun 26, 2026 2:32:36 PM / by The Hivemind posted in Threat Bulletin, Android Malware, Android banking trojan, mobile banking fraud, cryptocurrency malware, Rokarolla, banking malware, Android phishing overlays

Verticals Targeted: Financial, Cryptocurrency
Regions Targeted: Global
Related Families: Rokarolla

Executive Summary

Researchers have identified Rokarolla, a newly discovered Android banking trojan distributed through malicious websites impersonating trusted applications such as TikTok, Google Chrome, and Google Play Protect. The malware targets at least 217 banking and cryptocurrency applications and leverages Android Accessibility Services, phishing overlays, SMS interception, keylogging, screen monitoring, and call blocking to facilitate financial fraud. Rokarolla exposes at least 137 operator commands and employs multiple persistence and evasion mechanisms, allowing attackers to maintain extensive control over infected devices while minimizing user awareness and intervention.
