Rokarolla: new Android malware steals PINs and cryptocurrencies

Published on June 18, 2026 | Translated from Spanish

A new banking trojan called Rokarolla is attacking Android phones to steal PINs, SMS codes, and funds from cryptocurrency wallets. Criminals can empty bank accounts and access financial applications without the user noticing. The threat is real and puts people's money at risk. Cybersecurity becomes essential to avoid serious financial losses.

Android smartphone screen glowing with fake banking app overlay, malicious code injection process visible as red data streams entering a cryptocurrency wallet interface, SMS interception icon flashing while a trojan malware symbol extracts a PIN code, dark room with hacker silhouette in background, cinematic cybersecurity visualization, glowing green and red digital particles, photorealistic technical illustration, dramatic low-key lighting, ultra-detailed circuit board textures, motion blur on data theft process

How Rokarolla operates on Android devices 🛡️

Rokarolla disguises itself as legitimate applications and uses accessibility services to obtain elevated permissions. Once installed, it intercepts SMS messages with verification codes and captures keyboard keystrokes to steal passwords and PINs. The malware also accesses installed cryptocurrency wallets, draining funds without raising suspicion. Experts recommend keeping the system updated and downloading apps only from Google Play.

The PIN you thought was safe isn't so safe anymore 😅

It turns out that four-digit PIN you've been using since 2015, which also works for your gym card, is now Rokarolla's wet dream. The malware doesn't need to guess your birthday; it just needs to watch you type. So, if you thought your cryptocurrency was safe because you hid it in an app with a lock, think again. Maybe the safest thing is to go back to a ceramic piggy bank.