Cybercriminals are trying to exploit the popularity of Clubhouse to distribute malware that aims to steal Android users' login information for a variety of online services, a cybersecurity researcher discovered.
Lukas Stefanko, from the Czechoslovak cybersecurity company ESET, discovered that a malicious package posing as an Android version of Clubhouse, which does not yet exist, is being distributed from a website that imitates the site of the well-known audio social network.
“The website looks like the real thing. To be frank, this is a well done copy of the legit Clubhouse website. However, once the user clicks ‘Get it on Google Play’, the app will automatically download to the user’s device. Keep in mind that legitimate websites always redirect the user to Google Play instead of directly downloading the Android Package Kit (APK),” Stefanko said.
According to the expert, the malware is a Trojan nicknamed “BlackRock”, detected by ESET as Android/TrojanDropper.Agent.HLR, which can steal victims’ login details for no fewer than 458 online services.
The list of services whose credentials it can steal includes cryptocurrency exchange applications, financial and shopping apps, as well as social networks and messaging platforms.
Among the targeted data are credentials for platforms such as:
- Amazon
- Netflix
- Outlook
- eBay
- Coinbase
- Plus500
- Cash App
- BBVA
- Lloyds Bank
How does malware posing as Clubhouse operate?
Once the victim falls for the trap and downloads and installs “BlackRock”, the Trojan tries to steal credentials using an overlay attack.
Whenever the user launches an app for one of the listed services, the malware creates a screen that overlays the original app and prompts the user to log in.
But instead of logging into the service, the user inadvertently hands over their credentials to the cybercriminals.
In addition, the malicious app asks the victim to enable accessibility services, effectively allowing the criminals to take control of the device.
How to identify the fake Clubhouse site?
The researcher noted that one indication the site is fake is that the connection is not secure: the address uses plain HTTP instead of HTTPS.
Another is that the site uses the .mobi domain rather than the .com used by the legitimate Clubhouse application.
A further warning sign is that, although Clubhouse plans to release an Android version of its application soon, the platform is still available only for iPhones.
What is Clubhouse?
Clubhouse is an audio-only chat room platform. It was launched in March and lets users listen to, and sometimes participate in, live discussions on topics as varied as “How to learn to code”, meditation or even general knowledge games.
The social network is accessible only on iOS, and joining requires an invitation. But thanks to the lockdowns imposed during the pandemic and appearances by celebrities such as the businessman Elon Musk, it is currently growing at a rate of 10 million users per week.