
Beware of Trojan Horse Spreading with Fake Clubhouse Application


ESET malware researcher Lukas Stefanko detected malware with which cybercriminals aim to steal users' login information for many online services. The malware tries to take advantage of the popularity of the Clubhouse app and deceive users with a fake Android version of the Clubhouse app, which doesn’t actually exist. This malware can hijack login credentials from 458 apps and bypass SMS-based two-factor authentication.

Clubhouse app does not have an Android version

Disguised as the Android version of the invite-only voice chat app (no such version currently exists), this malware package is delivered from a website that looks like the real Clubhouse website. The trojan horse, nicknamed “BlackRock” by ThreatFabric and detected by ESET products as Android/TrojanDropper.Agent.HLR, can steal users’ login information for more than 458 online services. The target list includes social media and messaging platforms as well as well-known financial and shopping applications. Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, Plus500, Cash App, BBVA and Lloyds Bank are just a few of the apps on the list.

Trying to steal user information

“The website looks real,” said Lukas Stefanko, ESET researcher. “It is a really well-executed copy of the legitimate Clubhouse website. However, when the user clicks the ‘Download from Google Play’ button, the application is automatically downloaded to the user’s device. In contrast, legitimate websites always direct users to Google Play instead of directly downloading an Android Package Kit (APK).”

There are indications that things are not right even before you click the button: for example, the connection is not secure (HTTP instead of HTTPS), or the site uses the “.mobi” top-level domain (TLD) instead of the “.com” used by the legitimate app. Another sign that the app is fake is that it is for Android. Although Clubhouse plans to launch the Android version of the app in the near future, the platform is currently only available on iPhones. Once the victim makes the mistake of downloading and installing the BlackRock trojan horse, it tries to steal user information. In other words, when the user opens one of the targeted applications, the malware creates a data-stealing overlay of the application and prompts the user to log in. Instead of logging in, the user unknowingly gives cybercriminals all their login information.

Using SMS-based two-factor authentication (2FA) to prevent someone from entering your accounts won’t work in this situation, as the malware also blocks text messages. The malicious application also asks the victim to enable accessibility services so that criminals can effectively take control of the device.

What users need to pay attention to

  • Use only official stores to download apps to your devices.
  • Pay attention to what permissions you grant to apps.
  • Make sure your device is up-to-date, paying attention to the automatic installation of updates and patches.
  • If possible, use software-based or hardware-generated one-time passwords (OTP) instead of SMS.
  • Before downloading an application, research the developer of the application and read ratings and user feedback about it.
  • Use a security product to block malicious applications that may be downloaded by mistake.