A newly discovered Android banking trojan, dubbed Rokarolla, targets 217 banking and cryptocurrency applications and can execute 137 commands on infected devices, according to researchers at Zimperium.

Named after its command-and-control (C2) infrastructure, Rokarolla is primarily distributed through malicious websites that impersonate popular applications such as TikTok and Google Chrome, fooling users into downloading what appears to be a legitimate app.

Banker malware impersonating a legitimate app and requesting accessibility service (Source: Zimperium)

Zimperium said Rokarolla is designed to steal financial information while giving attackers broad control over compromised devices.

“Its malicious capabilities include…