Sci-tech

Short url

Android users have been warned of a scam that uses the popularity of the new Clubhouse app, which is currently only available on iOS. The thugs trick users into believing that they are finally offered a version for their operating system and steal their data.

While many users wait for designers to come up with an Android version of the new Clubhouse app, which currently only works on iOS, hackers have anticipated. They have created a virus capable of stealing personal data, warns the ESET company. This is a fake website where internet users are invited to download the so-called novelty, when in reality they only receive the virus on their cellphones.

A malicious BlackRock application

According to the ESET blog, the bogus site collects a real one but its web address is joinclubhouse.mobi, while the real one is joinclubhouse.com. When a visitor chooses to download the app for Android and clicks Install on Google Play, the malicious file is immediately downloaded.

Upon entering the system, malware dubbed BlackRock is launched along with the opening of Twitter, WhatsApp, Facebook, etc. Except that instead of the original window of the application, the user will see a fake one inviting to enter his login, password or other personal information. The data is thus stolen and transmitted to hackers.

In total, BlackRock can steal data after connecting to more than 450 different online services, says ESET. It can also intercept SMS messages to bypass two-factor authentication.

The trendy app

Launched in March 2020, the Clubhouse app has gained popularity recently. It reserves a social audio conversation space but is currently only available on iOS. Users can join the network by invitation only.

An investigation in France against Clubhouse

This new application has already been targeted by an investigation in France, opened by the National Commission for Informatics and Liberties (CNIL). This aims to check whether the social network does not violate the data protection rules that apply in European countries.

It is a petition collecting more than 10,000 signatures that pushed the authority to this verification of possible breaches of privacy through this.