Malware, Threat Management

Bogus Android Clubhouse App Drops Credential-Swiping Malware

Researchers from ESET said a fake version of the audio chat app Clubhouse is being used by hackers to deliver malware and steal login credentials from 458 apps, including Amazon, Facebook, Twitter and WhatsApp, Threatpost reports. Currently, Clubhouse is only available on Apple's App Store and attackers are targeting Android users looking to try the app. "To be frank, it is a well-executed copy of the legitimate Clubhouse website. However, once the user clicks on 'Get it on Google Play', the app will be automatically downloaded onto the user's device. By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit, or APK for short," said researcher Lukas Stefanko. Social media or third-party websites could have aided the spread of the fraudulent website, which looks similar to the real Clubhouse website, Stefanko added. App credentials most likely targeted by the malware include those from cryptocurrency exchanges, financial and shopping apps, and social media and messaging apps.
Jill Aitoro

Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.