The invitation-only audio chat app Clubhouse is tremendously popular at the moment, which is why cybercriminals have created a fake Android version of the app in order to deliver malware capable of stealing user credentials from hundreds of online services.
The fake app was discovered by ESET malware researcher Lukas Stefanko on a website designed to mimic the look and feel of the legitimate Clubhouse site. While the company eventually plans to release an Android version, its app is currently only available on iOS.
The fake Android Clubhouse app doesn't allow you to access the service and it also contains a trojan nicknamed "BlackRock" by ThreatFabric and detected by ESET as Android/TrojanDropper.Agent.HLR.
Stefanko provided further insight on the fake app's first big red flag in a blog post, saying:
"The website looks like the real deal. To be frank, it is a well-executed copy of the legitimate Clubhouse website. However, once the user clicks on 'Get it on Google Play', the app will be automatically downloaded onto the user's device. By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit, or APK for short."
[HEADING=1]Fake Clubhouse app[/HEADING]
The fake Clubhouse app being circulated online is able to steal victims' login data from 458 different online services including well-known financial and shopping apps, cryptocurrency exchanges, social media services and messaging platforms. The BlackRock trojan included in the app can steal credentials from Twitter, WhatsApp, Facebook, Amazon, Netflix, Microsoft Outlook, eBay, Coinbase, Cash App, BBVA and Lloyds Bank among other apps and online services.
Realizing the impostor Clubhouse website and app are fake isn't that difficult though, especially if you know what to look for. For instance, the website uses the top-level domain (TLD) ".mobi" instead of ".com" and if a user does end up downloading the .apk file from the site, the name of the downloaded app is "Install" instead of "Clubhouse".
Once a victim downloads and installs the fake app, the BlackRock trojan tries to harvest their credentials by using an overlay attack. In this kind of attack, whenever a user launches one of the targeted applications on their smartphone, the malware creates an overlay of the application and requests that they log in. However, instead of logging into an app, the user is actually unwittingly handing over their credentials to the cybercriminals behind the campaign.
To make matters worse, even using SMS-based two-factor authentication won't help victims as the malware also has the ability to intercept their text messages. The fake Clubhouse app also asks victims to enable accessibility services to give the attackers even more control over their devices.
While you may be tempted to download this fake Clubhouse app, especially if you're an Android user, it is strongly recommended that you wait for the company to release an official version and only install apps directly from the Google Play Store.