Hackers are leveraging the popularity of the Clubhouse app to spread a Trojanized program.
ESET recently discovered a Trojanized program that targets Android users through fake Android versions of Clubhouse. The malware steals the login credentials that users type into their Android devices.
Fake Android Version of Clubhouse Delivers Malware
As Clubhouse is not yet available for Android, malicious actors are using a fake Android version of Clubhouse to deliver malware. They released a malicious app that disguises the malware as the famous audio-based chat app.
ESET, the antivirus company, discovered the Trojan within the fake version of the Clubhouse app. It is being circulated via the phishing website “joinclubhouse[.]mobi”.
Malicious web claiming to offer #Clubhouse for Android spreads banking trojan Blackrock. It lures credentials from 458 apps – financial, cryptocurrency exchanges & wallets, social, IM and shopping apps. There is currently no official Clubhouse app for Android. #ESETresearch 1/2 pic.twitter.com/azlxjvIgNO
— ESET research (@ESETresearch) March 16, 2021
The hackers appear to have designed this website to resemble the legitimate Clubhouse website in order to trick Android users. The site offers users an Android version of the Clubhouse app, presented as an install from the Google Play Store.
Users should beware, because they will end up downloading a Trojanized program rather than a legitimate Clubhouse app. The malware is known as Blackrock, a banking trojan. It tries to steal passwords and credentials for around 458 online apps and services. These include financial and banking apps, cryptocurrency exchanges, instant messaging apps and shopping apps.
To gain users' trust, the site offers to download the Clubhouse app from the Google Play Store. However, clicking the download button delivers the fake app from the site's own server.
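The mismatch described above, a button that claims Google Play while the link serves a file from the site itself, can be checked mechanically. The following is an added example, not code from ESET or from this article; the page URL `lookalike.example`, the sample HTML and the keyword list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PLAY_HOSTS = {"play.google.com"}              # the only host a real Play link uses
BADGE_WORDS = ("google play", "play store")   # assumed wording of a store badge

class PlayLinkAuditor(HTMLParser):
    """Collect links that present themselves as Google Play but point elsewhere."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._label = a["href"], [a.get("title") or ""]
        elif tag == "img" and self._href is not None:
            # Badge images carry the claim in alt text or in the file name.
            self._label += [a.get("alt") or "", a.get("src") or ""]

    def handle_data(self, data):
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        label = " ".join(self._label).lower().replace("-", " ").replace("_", " ")
        target = urlparse(urljoin(self.page_url, self._href))
        claims_play = any(word in label for word in BADGE_WORDS)
        off_store = target.hostname not in PLAY_HOSTS
        direct_apk = target.path.lower().endswith(".apk")
        if claims_play and (off_store or direct_apk):
            self.findings.append((" ".join(label.split()), target.geturl()))
        self._href = None

def audit(html, page_url):
    """Return (label, resolved_url) for every link that fails the check."""
    parser = PlayLinkAuditor(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample: one spoofed badge, one genuine store link, one plain link.
SAMPLE = """
<a href="/download/app.apk"><img src="/img/google-play-badge.png" alt="Get it on Google Play"></a>
<a href="https://play.google.com/store/apps/details?id=com.example.app">Get it on Google Play</a>
<a href="/about">About</a>
"""

if __name__ == "__main__":
    for label, url in audit(SAMPLE, "https://lookalike.example/"):
        print("suspicious:", url, "| label:", label)
```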
What does Blackrock Android Trojan Do?
Once the Blackrock Android Trojan is installed, it attempts to steal login credentials. It uses a spoofing method, showing a fake login window over the apps the user opens. The credentials typed into that window are recorded and sent to the hacker’s server.
“Using SMS-based two-factor authentication (2FA) to help prevent anyone from infiltrating your accounts wouldn’t necessarily help in this case, since the malware can also intercept text messages,” says ESET. “The malicious app also asks the victim to enable accessibility services, effectively allowing the criminals to take control of the device.”
Users should note that Clubhouse has yet to launch its Android version, and it won’t be available anytime soon. For updates, users should visit the official Clubhouse website and download the app only directly from the Google Play Store.
Avoid visiting or clicking links on the phishing website “joinclubhouse[.]mobi”, as it tricks visitors into downloading a banking Trojan that steals passwords for various apps.