
Bank Accounts at Risk: Android Users Warned of New Malware

Source: CNBC (translated from Indonesian) | Technology

Jakarta, CNBC Indonesia - Android users are being urged to increase their vigilance after cybersecurity experts discovered a new campaign spreading a dangerous malware called Rokarolla. The malware is capable of spying on devices and stealing sensitive data, including online banking login information.

The threat re-emerges through fake applications that masquerade as popular apps. Once installed on a device, Rokarolla can harvest various personal data from the victim without their knowledge. More dangerously, the malware can display a fake lock screen that overlays the genuine one. This allows perpetrators to steal the PIN, security pattern, or password entered by the user.

The latest campaign, first discovered by the Zimperium cybersecurity team, exploits Android’s sideloading feature, which is the operating system’s ability to install applications from outside the official app store. This feature is often cited as an advantage of Android’s more open ecosystem compared to Apple’s iOS, but it also creates a vulnerability exploited by cybercriminals.

When users search for popular apps like TikTok or Google Chrome, they can be redirected to malicious websites that display applications resembling the official versions. If a user is tricked, the fake app is downloaded onto the device, and the Rokarolla malware is silently installed in the background at the same time.

Once the application is installed, the user is prompted to grant various permissions, such as access to notifications and other critical features. Because the interface appears convincing, many users unknowingly approve all requests immediately. Once access is granted, the perpetrators can begin stealing information stored on the victim’s device.

Zimperium noted that Rokarolla targets a broad ecosystem, encompassing more than 200 financial, cryptocurrency, and social media applications. The malware employs sophisticated evasion tactics specifically designed to bypass older, signature-based mobile security solutions.

To avoid such attacks, users are advised to download applications exclusively through the official Google Play Store. While sideloading offers greater flexibility in installing apps, this method inherently carries higher security risks compared to downloading from official sources. Users are also advised to ensure that the Google Play Protect feature is active on their devices, as Google states this service can help protect Android devices from threats like Rokarolla when enabled.
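For anyone who manages Android devices, the two warning signs described above (an app installed from outside Google Play that also holds notification access) can be checked over adb. The following is an added example, not part of the original article or Zimperium's research: it parses the output of `pm list packages -3 -i` and the `enabled_notification_listeners` secure setting. The sample outputs and package names are constructed.

```python
import re

# Constructed sample of `adb shell pm list packages -3 -i`
# (third-party apps with the package that installed them).
SAMPLE_PACKAGES = """\
package:com.example.video  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.example.sideloaded  installer=com.android.chrome
package:org.example.notes  installer=null
"""

# Constructed sample of
# `adb shell settings get secure enabled_notification_listeners`.
SAMPLE_LISTENERS = (
    "com.example.sideloaded/.NotifyService:"
    "com.example.bank/com.example.bank.push.Listener"
)

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
_PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer package (None when no installer is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            pkg, inst = m.groups()
            installers[pkg] = None if inst == "null" else inst
    return installers

def parse_listener_packages(setting_value):
    """Return the packages named in the colon-separated component list."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(pm_output, listeners_value):
    """List apps not installed by Google Play; flag those with notification access."""
    listeners = parse_listener_packages(listeners_value)
    return [(pkg, inst, pkg in listeners)
            for pkg, inst in sorted(parse_installers(pm_output).items())
            if inst not in TRUSTED_INSTALLERS]

if __name__ == "__main__":
    for pkg, inst, has_access in audit(SAMPLE_PACKAGES, SAMPLE_LISTENERS):
        print(f"{pkg}: installer={inst} notification_access={has_access}")
```

A sideloaded app is not necessarily malicious; the third field marks the combination the article warns about and is a prompt for manual review.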
