Strategy, Threat intelligence, Threats, Malware

Bogus Android Clubhouse App Drops Credential-Swiping Malware

March 19, 2021
Researchers from ESET said a fake version of the audio chat app Clubhouse is being used by hackers to deliver malware and steal login credentials from 458 apps, including Amazon, Facebook, Twitter and WhatsApp, Threatpost reports. Currently, Clubhouse is only available on Apple's App Store and attackers are targeting Android users looking to try the app. "To be frank, it is a well-executed copy of the legitimate Clubhouse website. However, once the user clicks on 'Get it on Google Play', the app will be automatically downloaded onto the user's device. By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit, or APK for short," said researcher Lukas Stefanko. Social media or third-party websites could have aided the spread of the fraudulent website, which looks similar to the real Clubhouse website, Stefanko added. App credentials most likely targeted by the malware include those from cryptocurrency exchanges, financial and shopping apps, and social media and messaging apps.
Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

prestitial ad