The Clubhouse audio-based social app has been consistently in the news over the past few months as it has become very popular but so far the service is still only available for iOS. With regular headlines and huge venture capital rounds, Android users have been eager to check out the service and that is exactly what some scammers are taking advantage of with the fake Android Clubhouse apps.
A fake Clubhouse Android Club discovered by researchers at ESET spol sro was discovered to contain a malicious package aimed at stealing users’ login information from various services online. The Clubhouse cheat app for Android includes a Trojan called “BlackRock” and can steal data from at least 458 online services.
Targeted services include financial and purchasing apps, cryptocurrency exchanges, social media services and messaging platforms. Specific targets include Twitter Inc., WhatsApp, Facebook Inc., Amazon.com Inc., Netflix Inc., Outlook, eBay Inc., Coinbase Inc. and Cash App.
The fake app is distributed through a fake website which is described as looking like the “real deal” and a well-executed copy of the legitimate Clubhouse website. Unlike official circulation, visitors are encouraged to download the app directly instead through Google Play.
While the ability to steal account details is bad enough, the BlackRock Trojan also has the ability to capture text messages. This means that even users would use two-factor authentication to prevent anyone from having their accounts exposed to account theft as well.
“One of the problems with creating unique online experiences is that they’re becoming popular and everyone wants to join in,” said Tim Mackey, chief presenter. security device at electronic design automation company Synopsys Inc., Cybersecurity Research Center with SiliconANGLE. “When the online experience comes from a specific app and there is no version for both Apple and Android operating systems, such a gap is an attractive target for criminals to take advantage of. ”
Chris Clements, vice president of solutions architecture at IT service management company Cerberus Cyber Sentinel Corp. notes that “cybercriminals will take advantage of any opportunity to put their victims at risk and the launch of a popular new app that is not yet available on a major platform like Android brings give them a great opportunity. ”
“The BlackRock trojan is one of the biggest pieces of mobile malware – it’s almost easier to list the accounts it doesn’t steal,” Clements said. “Coupled with almost complete control of the mobile device if they receive Access Service benefits, this can be devastating for victims who have their phones as the main computing device in their life.”
The final solution here is to prevent scammers and malware operators from targeting Android users to offer the Clubhouse Android app. That app may be off sometime, though, with Clubhouse hiring Android software developer February 22nd.
Clubhouse suffered a security breach in February when a third-party developer designed an open source app that allowed Android users to access Clubhouse, that would be one without malware.
Image: Clubhouse
Since you are here …
Show your support for our mission with the one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will recommend relevant content and emerging technology content to you. Thank you very much!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We would also like to tell you about our mission and how you can help us achieve it. SiliconANGLE Media Inc.’s business model. based on the intrinsic value of the content, not advertising. Unlike many online publications, we do not have a payroll or run banner advertising, as we want to keep our journalism open, without the impact or need to follow traffic.News, commentary and commentary on SiliconANGLE – along with live, unwritten video from our Silicon Valley studio and global video teams at theCUBE – take a lot of hard work, time and money. Maintaining the high quality requires sponsorship support that is in line with our vision of ad-free journalism content.
If you would like commentary, video interviews and other ad-free content here, please take a moment to view a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.