Clubhouse’s co-founder recently said that an Android version of the app will only arrive in “a couple of months”. Because of this, plenty of fake apps pretending to be Clubhouse are plaguing the Google Play Store. But a new one is trying to bypass the store entirely by making you download it directly from a fake website.
ESET malware researcher Lukas Stefanko found a clone of the official Clubhouse website pushing the BlackRock malware. And because the official website is so simple, it’s not too difficult to make a perfect copy of it.
Naturally, though, there are a couple of things that give it away as a fake. One is that it uses the .mobi domain rather than the .com that the official Clubhouse website uses. The other is that the Apple App Store download button is replaced with one for the Google Play Store. And when you do hit the button, rather than redirecting you to the Google Play Store like most legit apps, it downloads the malware to your device directly.
Malicious web claiming to offer #Clubhouse for Android spreads banking trojan Blackrock. It lures credentials from 458 apps – financial, cryptocurrency exchanges & wallets, social, IM and shopping apps. There is currently no official Clubhouse app for Android. #ESETresearch 1/2 pic.twitter.com/azlxjvIgNO
— ESET Research (@ESETresearch) March 16, 2021
The ESET report on the fake Clubhouse for Android website also explains the nature of the BlackRock Trojan. It scans your device for login data and steals it, and it does so for over 458 online services, from messaging and social media apps all the way to shopping and banking.
It’s a sophisticated attempt to infect victims, to be sure, but avoiding becoming one is, in contrast, pretty simple. It comes down to killing the FOMO and accepting that Clubhouse for Android is a few months away.