A FAKE Clubhouse app scam is trying to steal private logins and passwords from Android users.
Clubhouse doesn’t officially have an Android version yet so cybercriminals are taking advantage of people eagerly waiting to join the exclusive app.
The popular invitation-only audio chat app is currently only avaliable on Apple devices.
Clubhouse does intend to create an Android version but, while we wait, online hackers have created a fake website that makes it seem like you can already download it on the Google Play Store.
ESET malware researcher Lukas Stefanko discovered the fake website and app that are designed to look exactly like Clubhouse.
Once downloaded, the fake Android Clubhouse app will not give you access to the service but it will upload a virus to your device and start trying to harvest your login details from 458 other apps.
2
2
The cybercriminals are trying to steal passwords for hundreds of popular apps like Twitter, Facebook, Lloyds Bank, Amazon, Netflix, WhatsApp, eBay and Microsoft Outlook.
The malware can also intercept text messages and will ask for permission to get more access to a device.
The scam uses what experts call a BlackRock trojan virus that downloads onto a victim’s phone as soon as they click the link to download the fake app.
The virus then uses something called an ‘overlay attack’ to steal data.
An overlay attack means that when someone with the virus opens one of the targeted apps on their Android device, the trojan creates a fake overlay version of the app’s login page.
The victim then unknowingly types their login and password into the overlay and hands their details over to the cybercriminals running the campaign.
Stefanko wrote on an ESET blogpost: “The website looks like the real deal. To be frank, it is a well-executed copy of the legitimate Clubhouse website.
“However, once the user clicks on ‘Get it on Google Play’, the app will be automatically downloaded onto the user’s device.
“By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit, or APK for short.”
There’s other ways to tell this is a scam including that the website address uses “.mobi” instead of “.com” and that when someone clicks to download the app its name appears as “Install” rather than “Clubhouse”.
You should always be wary of the permissions you give to apps and only ever download from the official app store for your device like the Google Play Store or App Store on iPhone.
What is Clubhouse?
Here’s what you need to know…
Clubhouse is an audio-only social media app allowing casual drop-in talks between people from all over the world.
Those who can get inside will find a variety of topics being discussed in chat rooms, with people from all over hosting talks on subjects like music, film, culture, race, tech, and beauty.
According to its creators, “it’s a place to meet with friends and with new people around the world—to tell stories, ask questions, debate, learn, and have impromptu conversations on thousands of different topics.”
Each new member is granted one invite, so your invitation is likely to come from a friend already on the app.
If you’re an iPhone user, you can download the app and reserve a username.
But Clubhouse insists “it’s not intended to be exclusive” saying it is working to make the app available to all.
Celebrities are already enjoying the exclusive benefits of Clubhouse.
Current known users include Kanye West, Drake, Oprah, Ashton Kutcher and Kevin Hart.
Hackers break in to Florida water treatment plant system and try to POISON supply by remotely adding ‘caustic’ chemicals in ‘dangerous’ amounts
THROUGH FIRE AND FLAMES
Drone films flight THROUGH erupting volcano as it spews lava
TUNE IN
Samsung Galaxy Buds+ are now 50% off – for a limited time only
THE PRICE IS…WRONG
Someone just bought a VIRTUAL house for $500,000
GOING VIRAL
WhatsApp users warned over bogus new Covid-19 text ‘causing havoc for NHS’
BAD CHAT
Beware this WhatsApp scam – it steals your messages and even hacks your family too
GOLDEN OLDIE
WhatsApp ‘Martinelli’ virus hoax is spreading online – DON’T fall for it
In other news, Instagram is being used by ‘Neo-Nazis’ to recruit young people, according to a new shocking report.
Stunning footage of Iceland’s erupting volcano has been captured by a low flying drone which got terrifyingly close to the boiling lava.
And, Google is under fire for harvesting internet data of users browsing in Incognito Mode.
Do you use Clubhouse? Let us know in the comments…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
