SciPHRSciPHR/ Learn sciphr.io ↗

Rokarolla's clipboard swap on Android.

2026-06-18

On June 16, Zimperium documented Rokarolla, an Android trojan targeting 217 banking and crypto apps. One of its quieter tricks: It watches the clipboard and silently replaces any wallet address you copy with the attacker's.

To send crypto, you copy a long string of characters that names the destination wallet, then paste it into your app. The trojan swaps in an address it controls. The string is too long to check by eye, so most people never notice.

A blockchain confirms a transfer is signed and the address is valid. It does not check the address is the one you meant. Once you approve, the payment is final.

The cryptography held. What failed sat one layer up, between the address on your screen and the address you intended. Securing the key does little if the device can quietly rewrite where the money goes.

Source: https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities

← BackAll of Learn
Network: TESTNET ·_