Security News > 2021 > March > Bogus Android Clubhouse App Drops Credential-Swiping Malware
Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps.
As of now the app is only available on Apple's App Store mobile application marketplace - there's no Android version yet.
Cybercriminals are swooping in on Android users looking to download Clubhouse by creating their own fake Android version of the app.
To add a legitimacy to the scam, the fake app is delivered from a website purporting to be the real Clubhouse website - which "Looks like the real deal," said Lukas Stefanko, researcher with ESET. "To be frank, it is a well-executed copy of the legitimate Clubhouse website," said Stefanko on Friday.
In a commonly-used tactic by Android malware, the malicious app also asks the victim to enable accessibility services on the phone in order to grant itself permissions on the phone without the victim's knowledge.
While this malicious app is in no way affiliated with the legitimate Clubhouse app itself, researchers warn that more sham Clubhouse apps will appear in the future - particularly while the demand for a yet-to-be rolled out Android version continues.
News URL
https://threatpost.com/android-clubhouse-app-malware/164915/
Related news
- TrickMo malware steals Android PINs using fake lock screen (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)
- Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (source)