Clubhouse for Android? Nope, just sneaky password-stealing malware

1. Domicile
2. News
3. Security

Clubhouse for Android? Nope, just sneaky password-stealing malware

(Image credit: Shutterstock)

If you're pining to employ Clubhouse on Android, don't be likewise eager as you might fall prey to this simulated Clubhouse Android app that installs countersign-stealing malware.

Discovered by ESET and written up in a blog mail yesterday, the fake Clubhouse app installs the BlackRock Android Trojan, which we first wrote about last summer.

• Clubhouse app hacked, sound reposted — what y'all need to know
• The best Android antivirus apps
• Plus: Samsung Galaxy Z Fold three colors — and a design surprise

This fraudulent app is trying to cash in on the Clubhouse craze, which has seen the 11-month-former iPhone voice-chat app skyrocket in popularity following celebrity endorsements from the likes of Elon Musk.

The imitation Clubhouse app is delivered by a bogus Clubhouse website that looks exactly similar the official site, ESET said.

There are only two differences: The ".com" in "joinclubhouse.com" is replaced by a different top-level-domain suffix, and the official Apple button to "Download on the App Store" is replaced by one that looks like the real Google app button, which reads "Get information technology on Google Play."

If you're on your Android phone and you click that fake link to the Google Play Store, an app called "Install" will download to your phone and prompt you "Enable Install." This will work only if you lot've given Chrome, or whichever of the best Android browsers yous're using, permission to install apps.

How to avert joining the incorrect Clubhouse

To forestall being hoodwinked by this false Clubhouse app, make sure that only Google Play can install or update software on your Android device. Go into Settings > Apps & Notifications > Special App Access > Install unknown apps and make sure no apps take this power.

You'll also want to exist running one of the best Android antivirus apps, which volition cake the BlackRock Trojan from installing and find whatsoever other malware you may already have on your phone or tablet.

BlackRock mimics the login screens of hundreds of Android apps, including Amazon, eBay, Facebook, Gmail, Google Play, Hotmail, Instagram, Microsoft Outlook, Netflix, PayPal, Twitter, Uber, WhatsApp and Yahoo Mail, plus every major bank yous've ever heard of. It also fakes the credit-card-entry screens of dozens of other apps.

Put your username, password or credit-bill of fare number into 1 of BlackRock's fake login screens, and yous can kiss them goodbye.

Having ii-factor authentication (2FA) activated doesn't always work, says ESET, because BlackRock can intercept text messages. That's 1 reason it'southward better to apply an authenticator app or a USB security central every bit your "second" 2FA factor.

• More: Malware stealing Amazon, Facebook and Google passwords — protect yourself

Paul Wagenseil is a senior editor at Tom'southward Guide focused on security and privacy. He has likewise been a dishwasher, fry melt, long-haul driver, lawmaking monkey and video editor. He'south been rooting around in the information-security space for more than xv years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Television receiver news spots and even chastened a panel discussion at the CEDIA home-applied science conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/bogus-clubhouse-app-malware

Posted by: henrysuraceent.blogspot.com

Share this post