A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands.

The malware is distributed via malicious websites purporting to provide the Google Chrome or TikTok app, and can take complete administrative control of a compromised device.

Its capabilities include stealing lock screen credentials, contact lists, and SMS data, as well as using keyloggers to continuously record user input.