A new malware, known as Rokarolla, is putting some Android users at risk of having sensitive data stolen. The malware is being spread through browser and social media apps like TikTok. The trojan can then target banking and crypto apps to do the real damage.

Malware has become a part of life with any computing platform these days and that includes Android, but it’s important to really take as many measures as possible to avoid any serious issues (like installing Android 17 if your device is compatible), especially when those issues arise from risks posed by malware like Rokarolla, a new malware spreading to Android devices through banking and social media apps.

Rokarolla, a trojan that can reportedly hit over 200 banking and crypto apps across Android, is capable of stealing your sensitive data. This includes login credentials, which could lead to merely some data stolen and sold to data brokers, or much worse. Stolen money. The malware was discovered by security researchers at Zimperium, who state that the malware is initially spread to devices through apps like Google Chrome and TikTok.

Only, these apps aren’t actually Google Chrome or TikTok. Rather, they’re apps posing to be those legitimate offerings. In hopes that unsuspecting users will fall for the trap. There is of course, a silver lining. It is a lot easier to avoid these issues than you might think.

The Rokarolla malware was not found in Google Play, only in outside sources for Android apps

As is usually the case, this malware was not found within apps in Google Play. Reports state that it is being spread through apps posing as Chrome and TikTok, coming from other sources. So, avoiding the installation of this malware is quite simple. Just make sure you’re not installing apps that don’t come from Google Play. Or, make sure the source you’re getting the APK files from is trusted and won’t distribute those types of dangerous files.

Researchers at Zimperium note that there are telltale signs one can look out for too. For example, this malware will ask for permissions to Accessibility Services. This is in addition to a host of other permissions that aren’t generally required. Again, though, there’s not much to worry about if you stick to Google Play for your apps.