Even though you should always download new apps from official sources like the Google Play Store, some Android users still end up getting tricked into downloading them from websites, which can be extremely dangerous. Case in point: a new Android banking trojan currently making the rounds online is distributed via fake apps hosted on malicious websites.
As reported by BleepingComputer, once installed on vulnerable Android phones, the banking trojan in question is capable of targeting over 200 banking and financial apps to drain accounts and steal crypto. Unsurprisingly, it reaches victims by impersonating Google Chrome and TikTok, as both apps are extremely popular.
The trojan installs the new Rockarolla malware, which also steals lock screen credentials, your contacts and SMS data, and even uses keyloggers to record everything you type into your phone.
Here’s everything you need to know about this new Android banking trojan and how you can keep your bank account safe from the cybercriminals using it in their attacks.
Masquerading as Google Play Protect
Although you should never sideload Android apps unless you absolutely have to, many people still do despite the risk. The hackers behind this campaign use fake websites to trick unsuspecting users into installing Chrome or TikTok unofficially instead of downloading these apps directly from the Google Play Store like they should.
According to a new report from the cybersecurity firm Zimperium, once a victim has downloaded either app, the hackers use an interesting trick to give them the illusion of safety. For those unfamiliar, Google’s built-in security app Google Play Protect checks any new software you download for viruses. However, in this case, a fake Play Protect pop-up appears before the Rockarolla malware is actually downloaded. Because the pop-up perfectly impersonates a Play Protect warning, most users wouldn’t think twice before proceeding with this secondary download.
At this point, the damage is done and the Rockarolla malware gets to work. In total, it’s able to spoof 217 different banking and financial apps to steal your credentials. It does so by using overlays that mimic each individual app. While to the end user it appears as if they’re just logging into their online bank account, they’re actually handing over their username and password to hackers.
Another interesting trick up Rockarolla’s sleeve is that it can steal SMS notifications from your online bank as well as intercept any calls trying to warn you that something is amiss. This way, you won’t get a fraud alert and the hackers can proceed to empty your accounts one by one.
While Google continues to improve Android’s security, if you don’t download apps the right way, you too could easily end up falling victim to this and other malware.
How to stay safe from Android banking trojans
I can’t stress this enough: unless you really know what you’re doing, you should avoid sideloading apps. Sure, malicious apps do manage to sneak past Google’s defenses from time to time, but for the most part, if you download new apps from the Play Store, you should be safe. The same goes for other official Android app stores like the Samsung Galaxy Store too.
From there, you want to make sure that Google Play Protect is installed and enabled on your smartphone. It’s enabled by default on all of the best Android phones but it’s always a good idea to check to make sure. For extra protection though, you can also use one of the best Android antivirus apps alongside it. You have to pay for many of them but they typically add other useful features like a VPN or password manager to help keep you safe online.
Despite constant warnings, people keep installing apps from websites instead of official stores. As long as this keeps happening, hackers are going to use it to their advantage. However, if you install new apps the way you’re supposed to, you can avoid falling victim to Rockarolla and other banking trojans like it.