Security experts are warning Android phone users about a new threat from hackers targeting popular applications with the dangerous Rokarolla malware. This malicious software can spy on devices, steal sensitive data like banking information, and even create fake lock screens to capture personal security details.

The latest attack, identified by cybersecurity firm Zimperium, takes advantage of Android’s ability to install apps from sources outside the official Google Play Store. Users searching for apps like TikTok or Chrome may be led to fake websites offering legitimate-looking software but also secretly installing Rokarolla.

Once installed, the rogue apps request various permissions, tricking users into granting access to personal data. This allows cybercriminals to exploit the compromised device and target a wide range of financial, cryptocurrency, and social media applications.

To stay safe, experts advise sticking to official app stores like Google Play Store and enabling Google Play Protect for added security. Sideloading apps from unknown sources always carries risks, so it’s crucial to be cautious about where software is downloaded from to avoid falling victim to such threats.