The emerging malware, spread via fake TikTok and Chrome downloads, demonstrates an evolution by combining banking fraud with extensive device surveillance and remote control.
June 16, 2026
Yet another Android banking Trojan is making the rounds, this one marking an evolution for malware of its kind by combining banking fraud capabilities with extensive device surveillance, remote control, and persistence mechanisms.
Researchers at Zimperium zLabs have discovered the malware, dubbed Rokarolla after the name of its command-and-control (C2) infrastructure, being distributed through malicious websites, including hxxps[://]infocontablidades[.]it[.]com/, according to a report published today. On these sites, the malware masquerades as legitimate applications such as Google Chrome and TikTok to fool mobile device users into downloading what they think is a genuine app.
Like typical banking Trojans, the malware can compromise cryptocurrency and banking applications to steal credentials; in this case, it affects 217 distinct apps, according to the report. However, Rokarolla goes further than other malware of its kind in that it uses what researchers call "a sophisticated suite of 137 commands" to take administrative control over an infected device, Zimperium researchers Vishnu Pratapagiri and Fernando Ortega wrote in the report.










