A new Android malware, dubbed Rokarolla, is disguising itself as legitimate applications like Chrome and TikTok to infiltrate devices. Once installed, the malware attempts to steal login credentials for banking and cryptocurrency apps. Security firm Zimperium reports that Rokarolla spreads through application packages downloaded from unofficial sources, not through the official Google Play Store. The malware functions as a spyware, actively monitoring user activity within financial applications. Users are advised to only download apps from trusted sources like the Google Play Store to mitigate the risk of infection. This threat highlights the dangers of sideloading applications and the importance of robust mobile security practices. The malware poses a significant threat to financial security for Android users.