Cyber criminals are trying to exploit the popularity of Clubhouse to distribute malware that aims to steal the login information of Android users for a variety of online services, a cybersecurity researcher has discovered.
Lukas Stefanko of the Czechoslovakian cybersecurity company ESET found that a malicious package posing as the Android version of Clubhouse, which does not yet exist, is being distributed from a website that imitates that of the popular audio social network.
“The website looks like the real thing. To be honest, this is a good copy of the legitimate Clubhouse website. However, once the user clicks ‘Get it from Google Play’, the app will be automatically downloaded to the user’s device. Bear in mind that legitimate websites always redirect the user to Google Play instead of directly downloading the Android Package Kit (APK),” Stefanko said.
According to the expert, the malware is a Trojan horse nicknamed “BlackRock”, which ESET detects as Android/TrojanDropper.Agent.HLR and which has the ability to steal victims’ login details for at least 458 online services.
The list of services whose access credentials it can steal includes cryptocurrency exchange apps, financial and shopping apps, as well as social networks and messaging platforms.
Among the stolen data is that of platforms such as:
- WhatsApp
- Facebook
- Queen Biz
- Cash App
- Lloyds Bank
How does Clubhouse malware work?
Once the victim has fallen into the trap and downloaded and installed BlackRock, the Trojan tries to steal credentials using what is known as an overlay attack.
This means that every time the user launches an app for one of the listed services, the malware creates a screen that overlays the original application and asks the user to log in.
But instead of logging into the service, the user will inadvertently hand over their credentials to the cyber criminals.
In addition, the malicious application asks the victim to enable accessibility services, effectively allowing the criminals to take control of the device.
How to identify a fake Clubhouse website?
The researcher noted that one indication that the website is fake is that the connection is not secure: instead of connecting over HTTPS, it connects only over HTTP.
In addition, the site uses the .mobi domain, not .com as the legitimate Clubhouse app does.
Another warning sign is that, although Clubhouse plans to release an Android version of its app soon, the platform is still only available for iPhones.
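The warning signs above (HTTP instead of HTTPS, an unexpected top-level domain, and a "Google Play" button that delivers an APK instead of redirecting to the store) can be checked automatically when triaging a reported download page. The following Python sketch is an added example, not code from ESET or the researcher; the URL, the HTML and the finding names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PLAY_HOST = "play.google.com"  # host a genuine store badge links to
# Constructed sample page (not a real site): a store badge wired to an APK.
FAKE_URL = "http://fake-clubhouse.example.mobi/"
FAKE_HTML = '<a href="/app/Clubhouse.apk"><img alt="Get it on Google Play" src="b.png"></a>'

class Anchors(HTMLParser):
    """Collect (href, visible text or image alt text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href, self._text = a.get("href") or "", []
        elif tag == "img" and self._href is not None:
            self._text.append(a.get("alt") or "")
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, " ".join(self._text).strip()))
            self._href = None

def audit_download_page(page_url, html, expected_tld="com"):
    """Return the warning signs present on an app download page."""
    findings = []
    page = urlparse(page_url)
    if page.scheme != "https":
        findings.append("insecure-http")
    if (page.hostname or "").rsplit(".", 1)[-1].lower() != expected_tld:
        findings.append("unexpected-tld")
    parser = Anchors()
    parser.feed(html)
    for href, text in parser.anchors:
        target = urlparse(urljoin(page_url, href))
        if target.path.lower().endswith(".apk"):
            findings.append("direct-apk-download")
        elif "google play" in text.lower() and target.hostname != PLAY_HOST:
            findings.append("play-badge-not-to-store")
    return findings

if __name__ == "__main__":
    print(audit_download_page(FAKE_URL, FAKE_HTML))
```

An empty result only means none of these three signs were found; it does not show that a page is legitimate.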
What is Clubhouse?
Clubhouse is a platform for voice-only chat rooms. It was launched in March and allows users to listen to and sometimes participate in live discussions on various topics such as “how to learn to code”, meditation or even general education games.
The social network is only accessible on iOS, and an invitation is needed to join. But thanks to the restrictions imposed in the face of the pandemic and the appearance of celebrities such as businessman Elon Musk, it currently has 10 million users per week.