Security experts discovered that there is a new fake Clubhouse application that is currently attacking various social media and bank accounts. Previously, Clubhouse was visited by Elon Musk and other big names in different industries to share their plans and other thoughts on how to improve their services or products.
This is the reason why Clubhouse, an audio app, became really popular. And now, malicious actors decided to develop a fake Clubhouse application that exploits new malware called BlackRock. This new device virus can steal sensitive credentials from more than 458 services, including Twitter, WhatsApp, Facebook, and Amazon.
Aside from these social media sites and shopping apps, the new fake Clubhouse application could also inject the BlackRock malware on bank accounts and cryptocurrency exchanges. If the new malicious audio service is really efficient, this could lead to a serious security issue since most people are now doing their bank transactions online. If you are also worried that this new malicious service could fool you, here’s how its system works. Knowing this info could also help you avoid it.
How the new fake Clubhouse works
The new fake Clubhouse application works when the user clicks on the button that purports to download the audio platform. It will release the new BlackRock trojan malware into the device. On the other hand, this new computer virus is a variant of the LokiBot Trojan, which attacks not just financial and banking apps, but also a massive list of well-known and commonly used brand-name apps on Android devices.
Once the fake Clubhouse releases the new malware, it will start to swipe credentials using an overlay attack, which is a common type of attack for malicious Android apps. In this type of attack, the malware will create a data-stealing overlay of the application that the victim is navigating to, and request the user to log in. However, while the victim believes he is logging in, he is unwittingly handing over his credentials to the cybercriminals.
Aside from this, the new malicious app also asks the users to activate accessibility services on the phone in order to grant themselves permission on the phone without the victim’s knowledge. Once they enabled it, the malware will have the required permissions to access their camera, SMS messages, contacts, and other sensitive info that could be used to hack their bank and social media accounts.
How to identify it
Security experts said that users can spot the new fake app since its name is “Install” instead of “Clubhouse.”
Lukas Stefanko, a security expert at ESET, explained that “this demonstrates that the malware creator was probably too lazy to disguise the downloaded app properly, it could also mean that we may discover even more sophisticated copycats in the future.”
On the other hand, there are also various methods you can use to know if an app is fake or legit. Here are some of them;
- CHECK ON THE DATE
- CHECK THE REVIEWS
- BEWARE OF DISCOUNTS
- READ THE DESCRIPTION
- LOOK AT THE SCREENSHOTS
- CHECK THE NUMBER OF DOWNLOADS
We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.