In an attempt to capitalize on Clubhouse’s popularity, cybercriminals are distributing a fake application carrying malware that aims to steal users’ login information for a wide variety of online services.
Posing as the Android version of Clubhouse, the invitation-only audio app that exists only for iPhone, the malicious package is distributed from a website that looks like the legitimate Clubhouse site.
The Trojan, as revealed by security firm ESET, has the ability to steal victims’ login details for at least 458 online services.
The list includes access credentials for cryptocurrency exchanges, financial and shopping apps, as well as social networks and messaging platforms.
The two versions: the original and the fake one that steals data.
In addition to this, services such as Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, Plus500, Cash App, BBVA and Lloyds Bank are present on the list.
“The website looks like the real thing. It’s a well-done copy of the legitimate Clubhouse website though. However, once the user clicks ‘Get it on Google Play’, the application will automatically download to the user’s device,” says Lukas Stefanko, the ESET researcher who identified the Trojan.
“Legitimate websites always redirect the user to Google Play instead of directly downloading the Android Package Kit (APK),” Stefanko mentions.
The firm warns that even before pressing the button to get the application, there are signs that something is out of place.
For example, the connection is not secure (HTTP instead of HTTPS) or the site uses the “.mobi” top-level domain (TLD) instead of “.com”, as used by the legitimate application.
Experts point out that the fact that the name of the downloaded application is “Install” instead of “Clubhouse” should act as an instant red flag.
Another sign is that although Clubhouse is planning to release the Android version of its app soon, the platform is still available only for iPhones.
Once the victim falls for the trap and downloads and installs BlackRock, the Trojan tries to steal their credentials using an overlay attack.
In other words, every time a user launches an application from a listed service on their phone, the malware creates a screen that overlays the original app and asks the user to log in. But instead of logging into the service, the user will have inadvertently handed over their credentials to cybercriminals.
SMS-based two-factor authentication (2FA) would not necessarily prevent someone from gaining access to the accounts in this case, since the malware can also intercept text messages.
The malicious app also prompts the victim to enable accessibility services, effectively allowing the criminals to take control of the device.
“While this shows that the malware writer was probably a bit lazy in properly cloaking the downloaded application, it could also mean that even more sophisticated copies may be discovered in the future,” he warned.