Security News > 2021 > March > Bogus Android Clubhouse App Drops Credential-Swiping Malware

Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps.

As of now the app is only available on Apple's App Store mobile application marketplace - there's no Android version yet.

Cybercriminals are swooping in on Android users looking to download Clubhouse by creating their own fake Android version of the app.

To add a legitimacy to the scam, the fake app is delivered from a website purporting to be the real Clubhouse website - which "Looks like the real deal," said Lukas Stefanko, researcher with ESET. "To be frank, it is a well-executed copy of the legitimate Clubhouse website," said Stefanko on Friday.

In a commonly-used tactic by Android malware, the malicious app also asks the victim to enable accessibility services on the phone in order to grant itself permissions on the phone without the victim's knowledge.

While this malicious app is in no way affiliated with the legitimate Clubhouse app itself, researchers warn that more sham Clubhouse apps will appear in the future - particularly while the demand for a yet-to-be rolled out Android version continues.

News URL

https://threatpost.com/android-clubhouse-app-malware/164915/