Fraudsters Jump On Clubhouse Hype To Push Malicious Android App

A new malicious app is making the rounds that pretends to be the sought-after Android version of Clubhouse. 

Clubhouse is an invitation-only audio chat app that allows users to listen in on conversations in real time. Attention around the app exploded after Elon Musk tweeted about it, but as a free service currently available only on iOS, Android device owners may be feeling somewhat left out. 

The startup is yet to launch an Android version of Clubhouse, but until then, fraudsters are hoping to fool users into downloading malicious software. 

On Friday, ESET disclosed the discovery of an Android app that is being served from a clone of the Clubhouse website. While thankfully not found to have slipped through the security net on Google Play -- the official repository for Android applications -- researcher Lukas Stefanko said the website uses a "Get it on Google Play" button to try to fool visitors into believing the app is legitimate. 

[Screenshot of the cloned Clubhouse website. Image: ESET]

If downloaded and executed, the malicious .APK deploys BlackRock, a banking Trojan capable of extensive data theft. 

Discovered in May 2020, the BlackRock Trojan was traced back to Xerxes and LokiBot, the former of which had its source code leaked online a year prior.  

"Xerxes' source code was leaked, no new malware based on, or using portions of, such code was observed," ThreatFabric said in an advisory last year. "BlackRock seems to be the only Android banking Trojan based on the source code of the Trojan at the moment."

The Trojan is capable of intercepting and tampering with SMS messages, hiding notifications, redirecting users to their device's home screen if they attempt to run antivirus software, and can be used to remotely lock screens. 

When it comes to information theft, BlackRock does not stop at device/OS information and text messages: ESET says the malware is equipped to steal content from no fewer than 458 online services.

When an unwitting victim opens one of the targeted apps, an overlay attack is performed. The overlay, drawn on top of the legitimate app, requests the victim's credentials which, once submitted, are whisked away to the malware's operator. 

Target services include Facebook, Amazon, Netflix, Twitter, Cash App, Lloyds Bank, and a variety of other financial, retail, and cryptocurrency exchange platforms. 

"Using SMS-based two-factor authentication (2FA) to help prevent anyone from infiltrating your accounts wouldn't necessarily help in this case, since the malware can also intercept text messages," ESET says. "The malicious app also asks the victim to enable accessibility services, effectively allowing the criminals to take control of the device."

While the use of a fake Google button may be a clever way to stop victims from realizing they are downloading a malicious .APK, navigating to the Google Play Store directly rather than following a third-party link mitigates the risk of being caught in this way. In addition, keeping device firmware up to date, monitoring the permissions you grant to new apps, and using mobile antivirus software can help you stay protected.  
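As an added, defender-side illustration of the "monitor the permissions you grant" advice (example code written for this page, not from the article or from ESET): the script below triages a device inventory for sideloaded apps that combine the capabilities the article attributes to BlackRock, namely SMS access, screen overlays, and an enabled accessibility service. It assumes three inputs an administrator can collect with adb, `pm list packages -i` (package name plus installer), `dumpsys package <name>` (its "requested permissions:" block), and the `enabled_accessibility_services` secure setting; the exact output shapes are assumptions about those tools, and every package name and sample line below is constructed for the example.

```python
"""Flag sideloaded Android apps holding overlay/SMS/accessibility capabilities.

Added example (not the article's or ESET's code). Assumed input formats:
  adb shell pm list packages -i      -> "package:<pkg>  installer=<pkg|null>"
  adb shell dumpsys package <pkg>    -> a "requested permissions:" block
  adb shell settings get secure enabled_accessibility_services
                                     -> "pkg/Service:pkg2/Service2" or "null"
All sample data below is constructed; the package names are not real apps.
"""
import re

OFFICIAL_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Permissions an overlay-and-SMS-stealing banking Trojan needs to request.
RISKY_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",          # see incoming SMS 2FA codes
    "android.permission.READ_SMS",
    "android.permission.SYSTEM_ALERT_WINDOW",  # draw overlays on other apps
}

# --- constructed sample inventory -------------------------------------------
PM_LIST = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.bankapp  installer=com.android.vending
package:com.example.fakeclub  installer=com.google.android.packageinstaller
package:com.example.notes  installer=null
"""

DUMPSYS = {
    "com.android.chrome": "  requested permissions:\n    android.permission.INTERNET\n",
    # A Play-installed banking app legitimately reading SMS: not flagged here.
    "com.example.bankapp": (
        "  requested permissions:\n"
        "    android.permission.INTERNET\n"
        "    android.permission.RECEIVE_SMS\n"
        "  install permissions:\n"
        "    android.permission.INTERNET: granted=true\n"
    ),
    "com.example.fakeclub": (
        "  requested permissions:\n"
        "    android.permission.INTERNET\n"
        "    android.permission.RECEIVE_SMS\n"
        "    android.permission.READ_SMS\n"
        "    android.permission.SYSTEM_ALERT_WINDOW\n"
        "  install permissions:\n"
        "    android.permission.INTERNET: granted=true\n"
    ),
    "com.example.notes": "  requested permissions:\n    android.permission.INTERNET\n",
}

ACCESSIBILITY_SETTING = "com.example.fakeclub/com.example.fakeclub.AccService"
# ----------------------------------------------------------------------------


def parse_installers(pm_output):
    """Map package -> installer package (None when the installer is unknown)."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            pkg, installer = m.groups()
            installers[pkg] = None if installer == "null" else installer
    return installers


def parse_requested_permissions(dumpsys_output):
    """Collect the permission names listed under 'requested permissions:'."""
    perms, in_block = set(), False
    for raw in dumpsys_output.splitlines():
        line = raw.strip()
        if line == "requested permissions:":
            in_block = True
        elif in_block and (not line or line.endswith(":")):
            in_block = False  # reached the next dumpsys section
        elif in_block:
            perms.add(line)
    return perms


def parse_enabled_accessibility(setting_value):
    """Package names with an enabled accessibility service."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {entry.split("/")[0] for entry in value.split(":") if entry}


def triage(installers, permissions_by_pkg, accessibility_pkgs):
    """Return findings for apps NOT installed via Play that hold risky capabilities."""
    findings = []
    for pkg, installer in sorted(installers.items()):
        if installer in OFFICIAL_INSTALLERS:
            continue  # Play-installed apps are out of scope for this check
        reasons = []
        risky = sorted(RISKY_PERMISSIONS & permissions_by_pkg.get(pkg, set()))
        if risky:
            reasons.append("sideloaded app requests " + ", ".join(risky))
        if pkg in accessibility_pkgs:
            reasons.append("sideloaded app has an enabled accessibility service")
        if reasons:
            findings.append({"package": pkg, "installer": installer, "reasons": reasons})
    return findings


def run_sample():
    """Run the triage over the constructed inventory above."""
    perms = {pkg: parse_requested_permissions(out) for pkg, out in DUMPSYS.items()}
    return triage(parse_installers(PM_LIST), perms,
                  parse_enabled_accessibility(ACCESSIBILITY_SETTING))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding["package"], "(installer: %s)" % finding["installer"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

On the constructed data only `com.example.fakeclub` is reported, with both reasons; the Play-installed banking app that also reads SMS is deliberately skipped, because the signal the article describes is the combination of a non-Play install source with these capabilities, not any one permission on its own. The installer check is a heuristic: a compromised or enterprise installer could still place a bad app, so treat a clean result as "nothing obvious" rather than proof of a clean device.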
