Security experts are warning Android phone users about a resurgence of hackers attempting to deceive consumers into installing popular apps containing the dangerous Rokarolla bug. This malware can spy on devices, steal sensitive information such as banking details, and even create fake lock screens to capture passwords and PINs.

The method of infection involves exploiting Android’s capability to sideload apps onto devices, a feature unique to the Android platform compared to Apple’s iOS. Cybercriminals redirect users searching for apps like TikTok or Chrome to rogue websites that offer fake versions of these apps bundled with Rokarolla.

Once the fake app is downloaded and permissions are granted, the malware gains access to personal data, posing a significant threat to over 200 financial, cryptocurrency, and social media applications. These threats are designed to bypass traditional mobile security solutions.

To mitigate the risk of falling victim to such attacks, users are advised to only download apps from the official Google Play Store and ensure that Google Play Protect is enabled. Sideloading apps may seem convenient but carries inherent security risks that can be avoided by sticking to trusted app sources.