A fake Android version of the Clubhouse app is making the rounds, and it is known to be spreading the Black Rock Malware. The Black Rock Malware is known to have stolen credentials from nearly 458 services, which include Twitter, WhatsApp, Facebook, and Amazon.
Clubhouse is a popular audio chat iOS app where members can join only via an invite. Within the short span of a year since its launch, it has created waves as well as controversies. The audio chat app has previously been banned in countries like Oman and China.
Officially the Clubhouse app is only available for iOS users on the Apple App Store. But recent reports suggest a fake Android Clubhouse app is making rounds. Plans for developing an official Android version are in progress.
The popularity of the app has kept scammers busy. Cybercriminals are now luring Android users into downloading the fake Android version of Clubhouse. To make the fake Android Clubhouse app look legitimate, they mimic the look of the real one.
Malicious web claiming to offer #Clubhouse for Android spreads banking trojan Blackrock. It lures credentials from 458 apps – financial, cryptocurrency exchanges & wallets, social, IM and shopping apps. There is currently no official Clubhouse app for Android. #ESETresearch 1/2 pic.twitter.com/azlxjvIgNO
— ESET research (@ESETresearch) March 16, 2021
Lukas Stefanko, a researcher with ESET, said the hackers are making the copy look identical to the Clubhouse website. But once users click on ‘Get it on Google Play’, the app is automatically downloaded onto the user’s phone.
However, the legit Clubhouse App will redirect to Google Play and not download the Android Package Kit (APK).
He further added that it is not clear how victims discover the website. Perhaps it is spread via social media or third-party websites such as forums. The fake website looks identical to the real one, where users can join via an invite from an existing user. The message “Sign up to see if you have friends on Clubhouse who can let you in.” is shown for users to click. The real website redirects users to download the app on the store, while the fake site misleads users to get the app on Google Play.
A closer look at the fake website reveals many telltale signs. Firstly, it uses an HTTP connection and not secure HTTPS. The other indicator is that the site uses the .mobi top-level domain rather than the .com used by the legitimate domain.
What is Black Rock Malware?
Black Rock Malware is based on leaked source code of the Xerxes malware. It is a variant of the LokiBot trojan that attacks not just financial and banking apps. It was detected by ESET products as Android/TrojanDropper.Agent.HLR. According to the researchers, the malware is capable of stealing victims’ login data from nearly 458 online services.
The major difference between Black Rock Malware and other Android banking trojans is that it can target more apps than previous malware.
Black Rock Malware is known to target industries such as Android, Banking, Entertainment, Social Media, and Communication. The list of targeted apps includes many financial and shopping apps, cryptocurrency exchanges, social media, and messaging apps.
Popular apps on its list include Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, Plus500, Cash App, BBVA, and Lloyds Bank.
Black Rock Malware uses the overlay attack tactic: while the victim is navigating, it creates a data-stealing overlay of the application and requests the user to log in. Instead of logging in, the victim is handing over his credentials to the cybercriminals.