• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
Computer Business World News

Computer Business World News

Trending News about Computers, Business and Tech

  • Home
  • BUSINESS
  • CAREERS
  • CLOUD
  • COMPUTERS
  • CYBERSECURITY
  • I.T.
  • TECH
  • VOIP
  • About

No, you haven’t been invited to join Clubhouse – it’s an Android trojan Clubhouse

by

The invitation-only audio chat app Clubhouse is tremendously popular at the moment which is why cybercriminals have created a fake Android version of the app in order to deliver malware capable of stealing user credentials from hundreds of online services.

The fake app was discovered by ESET malware researcher Lukas Stefanko on a website designed to mimic the look and feel of the legitimate Clubhouse site. While the company eventually plans to release an Android version, its app is currently only available on iOS.

The fake Android Clubhouse app doesn’t allow you to access the service and it also contains a trojan nicknamed  “BlackRock” by ThreatFabric and detected by ESET as Android/TrojanDropper.Agent.HLR.

Stefanko provided further insight on the fake app’s first big red flag in a blog post, saying:

“The website looks like the real deal. To be frank, it is a well-executed copy of the legitimate Clubhouse website. However, once the user clicks on ‘Get it on Google Play’, the app will be automatically downloaded onto the user’s device. By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit, or APK for short.”

Fake Clubhouse app

The fake Clubhouse app being circulated online is able to steal victims’ login data from 458 different online services including well-known financial and shopping apps, cryptocurrency exchanges, social media services and messaging platforms. The BlackRock trojan included in the app can steal credentials from Twitter, WhatsApp, Facebook, Amazon, Netflix, Microsoft Outlook, eBay, Coinbase, Cash App, BBVA and Loyds Bank among other apps and online services.

Realizing the impostor Clubhouse website and app are fake isn’t that difficult though, especially if you know what to look for. For instance, the website uses the top-level domain (TLD) “.mobi” instead of “.com” and if a user does end up downloading the .apk file from the site, the name of the downloaded app is “Install” instead of “Clubhouse”.

Once a victim downloads and installs the fake app, the BlackRock trojan tries to harvest their credentials by using an overlay attack. In this kind of attack, whenever a user launches one of the targeted applications on their smartphone, the malware creates an overlay of the application and requests that they login. However, instead of logging into an app, the users is actually unwittingly handing over their credentials to the cybercriminals behind the campaign.

To make matters worse, even using SMS-based two-factor authentication won’t help victims as the malware also has the ability to intercept their text messages. The fake Clubhouse app also asks victims to enable accessibility services to give the attackers even more control over their devices.

While you may be tempted to download this fake Clubhouse app especially if you’re an Android user, it is strongly recommended that you wait for the company to release an official version and only install apps directly from the Google Play Store.

View Source

Filed Under: TECH

Primary Sidebar

More to See

After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. – Magnolia State Live

After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. Published 6:45 am Monday, January 30, 2023 … [Read More...] about After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. – Magnolia State Live

CSH Triples Its Computing Power

by Jake W Streamer | published Jan. 30th, 2023 … [Read More...] about CSH Triples Its Computing Power

4 tips for IT career growth in 2023

Despite increasing layoffs across the country, demand for IT pros remains high, especially for software developers and senior software … [Read More...] about 4 tips for IT career growth in 2023

Footer

SITE INFORMATION

COMPUTER BUSINESS WORLD NEWS

About/Contact

Privacy Policy

Thank you for visiting our website.

Recent

  • Russian millionaire on trial in hack, insider trade scheme
  • After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. – Magnolia State Live
  • CSH Triples Its Computing Power

Search

Copyright © 2023 Computer Business World