The Fake Clubhouse app for Android steals everything from users

Leo Adkins March 21, 2021 0

Cyber ​​criminals are trying to exploit the popularity Club House To distribute a Malware that aims to steal login information of Android users For a variety of online services, discover an electronic searcher.

Lukas Stefanko of Czechoslovakian ESET, devoted to cybersecurity, found out by pretending that he Android version of Clubhouse, Which still does not exist, is distributing a malicious package from a social network-like website of popular audio content.

“The website looks like the real thing. To be honest, this is a good copy of the legitimate club website. However, once the user clicks” Get it from Google Play “, the app will automatically download to the user’s device. Bear in mind that the websites are Legitimacy always redirects the user to Google Play instead of directly downloading the Android Package Kit (APK), Stefanko said.

According to the expert, The malware is a Trojan horse nicknamed “BlackRock”.Agent.HLR, which was detected by ESET as Android / TrojanDropper.Agent.HLR, has the extension The ability to steal victims’ login details For at least 458 online services.

List of services you can get Stealing credentials Access includes cryptocurrency exchange apps, financial and shopping apps, as well as social networks and messaging platforms.

between the The stolen data is that of the platforms How:

  • Twitter
  • The WhatsApp
  • The social networking site Facebook
  • Amazon
  • Netflix
  • Prospects
  • EBay
  • Queen Piece
  • Plus500
  • Cash app
  • BBVA
  • Lloyds Bank

How does malware pretending to be Clubhouse work?

Once the victim fell into the trap and downloaded and installed BlackRock, The Trojan horse tries to steal the credentials using a trap attack, Otherwise known in English as Overlay attack.

Causing that every time a user starts playing a file Malware It will use an app from a listed service to create a screen that it overlaps with Implementation It’s original and the user will be asked to log in.

But instead of logging into the service, the user will inadvertently hand over their credentials to the cyber criminals.

Besides the Malicious application It also requires the victim to enable access services, effectively allowing criminals to gain control over the device.

How to identify a fake club website?

The researcher noticed this Some indications of the falsehood of the site Is that the connection is not done in a secure manner, that is, instead of connecting to the HTTPS address, it only connects to HTTP.

In addition, the site uses the domain .mobi, not .com, as does the legitimate app for Club House.

Another warning sign is that though Clubhouse plans to release an Android version soon In your app, the platform is still only available for iPhones.

Photo: ESET.

What is a club?

Club House It is a platform only for voice chat room. It was launched in March and allows Listen to and sometimes participate in live discussions On various topics such as “how to learn to code”, meditation or even general education games.

The social network is only accessible on iOS and to access it you need to get an invitation. But thanks to the restrictions imposed before The epidemic And the emergence of celebrities like a businessman Elon Musk, Currently at 10 million users per week.

Photo: internet.

More Stories

WhatsApp has a function to send messages without an internet connection

WhatsApp has a function to send messages without an internet connection

Leo Adkins May 19, 2023 0
These are the new AI tools introduced by Google🎦

These are the new AI tools introduced by Google🎦

Leo Adkins May 18, 2023 0
James Webb has just made an unprecedented discovery in our solar system – he taught me about science

James Webb has just made an unprecedented discovery in our solar system – he taught me about science

Leo Adkins May 17, 2023 0
Microsoft is willing to hijack your entire screen to “convince” you to upgrade to Windows 11

Microsoft is willing to hijack your entire screen to “convince” you to upgrade to Windows 11

Leo Adkins May 16, 2023 0
Apply this home remedy to get rid of gum fungus from your fridge, this is how you prepare it

Apply this home remedy to get rid of gum fungus from your fridge, this is how you prepare it

Leo Adkins May 16, 2023 0
Endgame’ and becomes the second highest-grossing film in Mexico

Endgame’ and becomes the second highest-grossing film in Mexico

Leo Adkins May 16, 2023 0

Leave a Reply

Your email address will not be published. Required fields are marked *

You may have missed

Ugandans don't want their government to bail out big companies · Global Voices

Ugandans don't want their government to bail out big companies · Global Voices

Mia Thompson April 20, 2024 0
He fires missiles, according to the American official – El Financiero

He fires missiles, according to the American official – El Financiero

Cedric Manwaring April 19, 2024 0
Judge responds to Trump interruption during jury selection in Stormy Daniels case: 'I will not allow for intimidation'

Judge responds to Trump interruption during jury selection in Stormy Daniels case: 'I will not allow for intimidation'

Cedric Manwaring April 17, 2024 0
Paul Krugman: Don't be fooled, the American economy is an extraordinary success story a job

Paul Krugman: Don't be fooled, the American economy is an extraordinary success story a job

Mia Thompson April 16, 2024 0
Doctors remove a dentist's needle from a 4-year-old girl's brain

Doctors remove a dentist's needle from a 4-year-old girl's brain

Cedric Manwaring April 16, 2024 0