Android users have been warned of a scam that uses the popularity of the new Clubhouse app, which is currently only available on iOS. The thugs trick users into believing that they are finally offered a version for their operating system and steal their data.
While many users wait for designers to come up with an Android version of the new Clubhouse app, which currently only works on iOS, hackers have anticipated. They have created a virus capable of stealing personal data, warns the ESET company. This is a fake website where internet users are invited to download the so-called novelty, when in reality they only receive the virus on their cellphones.
A malicious BlackRock application
According to the ESET blog, the bogus site collects a real one but its web address is joinclubhouse.mobi, while the real one is joinclubhouse.com. When a visitor chooses to download the app for Android and clicks Install on Google Play, the malicious file is immediately downloaded.
Malicious web claiming to offer #Clubhouse for Android spreads banking trojan Blackrock. It lures credentials from 458 apps – financial, cryptocurrency exchanges & wallets, social, IM and shopping apps. There is currently no official Clubhouse app for Android. #ESETresearch 1/2 pic.twitter.com/azlxjvIgNO
– ESET research (@ESETresearch) March 16, 2021
Upon entering the system, malware dubbed BlackRock is launched along with the opening of Twitter, WhatsApp, Facebook, etc. Except that instead of the original window of the application, the user will see a fake one inviting to enter his login, password or other personal information. The data is thus stolen and transmitted to hackers.
In total, BlackRock can steal data after connecting to more than 450 different online services, says ESET. It can also intercept SMS messages to bypass two-factor authentication.
The trendy app
Launched in March 2020, the Clubhouse app has gained popularity recently. It reserves a social audio conversation space but is currently only available on iOS. Users can join the network by invitation only.
An investigation in France against Clubhouse
This new application has already been targeted by an investigation in France, opened by the National Commission for Informatics and Liberties (CNIL). This aims to check whether the social network does not violate the data protection rules that apply in European countries.
It is a petition collecting more than 10,000 signatures that pushed the authority to this verification of possible breaches of privacy through this.