Security News > 2021 > March > Bogus Android Clubhouse App Drops Credential-Swiping Malware
Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps.
As of now the app is only available on Apple's App Store mobile application marketplace - there's no Android version yet.
Cybercriminals are swooping in on Android users looking to download Clubhouse by creating their own fake Android version of the app.
To add a legitimacy to the scam, the fake app is delivered from a website purporting to be the real Clubhouse website - which "Looks like the real deal," said Lukas Stefanko, researcher with ESET. "To be frank, it is a well-executed copy of the legitimate Clubhouse website," said Stefanko on Friday.
In a commonly-used tactic by Android malware, the malicious app also asks the victim to enable accessibility services on the phone in order to grant itself permissions on the phone without the victim's knowledge.
While this malicious app is in no way affiliated with the legitimate Clubhouse app itself, researchers warn that more sham Clubhouse apps will appear in the future - particularly while the demand for a yet-to-be rolled out Android version continues.
News URL
https://threatpost.com/android-clubhouse-app-malware/164915/
Related news
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)