Trojan posing as the Clubhouse app is capable of stealing the login credentials of more than 450 applications
Club House has become the most popular app in recent weeks, however hackers have taken advantage of the interest of users to create a fake platform for Android.
The audio-based social network only has a version for ios and can only be accessed by invitation, but it was discovered that there is a version for the operating system of Google that installs a malware.
According to the company cybersecurity ESET the fake clubhouse has a similar design to the original, but contains a trojan able to steal credentials login of at least 458 applications.
The virus dubbed “BlackRock” by ThreatFabric and detected by ESET products such as Android / TrojanDropper.Agent.HLR.
“The website looks like the real thing. It’s a well done copy of the legitimate Clubhouse website. However, once the user clicks ‘Get it on Google Play’, the app will automatically download to the user’s device. Let’s keep in mind that legitimate websites always redirect the user to Google Play instead of directly downloading the Android Package Kit (APK), ”said Lukas Stefanko, an Eset researcher who identified the Trojan.
Android Trojan impersonating the Clubhouse app
The virus can access cryptocurrency exchange, financial and shopping apps, as well as social media and messaging platforms. It was found that it could access Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, Plus500, Cash App, BBVA, and Lloyds Bank, among others.
Through a statement it was explained that once the user downloads the fake clubhouse the trojan tries to steal your credentials using an overlay attack, known in English as an overlay attack.
“In other words, every time a user starts an app from one of the more than 450 affected services on their mobile, the malware will create a screen that will overlap the original app and ask the user to log in. But instead of logging into the service, the user will have inadvertently handed over their credentials to cybercriminals “
ESET detailed that the installation of double authentication factor (2FA) through SMS could not help prevent hackers from accessing applications since the virus can also intercept text messages.
In accordance with ESET there are some indications that it is a bogus application, even before users can access it.
“For example, the connection is not made securely (HTTP instead of HTTPS) or the site uses the top-level domain ‘.mobi’ (TLD), instead of ‘.com’. as used by the legitimate application “
Experts point out that at the moment the application has not been launched for Android and is only available to ios. He also asked users to always check the official pages if there is a version for their device.
