Beware! This fake Clubhouse Android app has BlackRock malware
There is a fake Clubhouse Android app that contains the infamous BlackRock malware.
The Clubhouse is one of the most popular social apps. The invite-only audio, social app completed a year this week with 13 million downloads. The Clubhouse is currently available on iOS with an Android version in the works. A fake Clubhouse Android app has been discovered on the Google Play Store, and it actually contains the infamous BlackRock malware.
This malicious application can gain access to the login credentials of more than 450 applications and bypass SMS-based two-factor authentication, according to a report by ESET Irlenad researcher Lukas Stefanko. This app looks exactly like the original Clubhouse app, with the design and user interface possible to fool anyone who doesn't know. The app's website description is the same as the iOS version, with an option to "Get it on Google Play." Once you tap on that button, the app automatically downloads to your phone. This is the biggest indicator in and of itself, as it should have taken you to the Google Play Store from where you would download the app.
ESET notes that there are more indicators that it is a rogue application, and these include the site that uses HTTP instead of HTTPS and the domain name that ends in .mobi and not .com.
The application contains the BlackRock Trojan that is famous for stealing user credentials. Once the malware is installed on the mobile and any other susceptible applications are launched, it will use an overlay attack to steal the user's credentials. Some of the popular apps that can get hacked include Twitter, WhatsApp, Facebook, Amazon, and Netflix.
There is currently no Android version of the Clubhouse app. One is in the works, and when it launches, it will be available on the Google Play Store. Considering the popularity of Clubhouse or any new app, cloned apps that can be potentially dangerous often show up.