Have you heard about the new social network application called Clubhouse? Well it’s an exclusive invite-only audio-based social network that was launched during the pandemic in March 2020 when we all had to social distance and traveling was banned for people across the world, the application was created by Paul Davison and Rohan Seth,
It’s the new app that everyone is currently going crazy for(myself included, but it’s not a reason enough to buy a new iPhone),
So how does the Clubhouse app work? Well, a user can join an existing ‘room’ or create their own rooms Inside the app, where you can enter to listen or participate in conversations with Bill Gates, Tiffany Haddish, Oprah, on a topic chosen by the room moderator. The app has gotten so much traction that within the last few weeks, that the company that developed the application are working on the app for the android user that will be released in the coming months.
But there is a catch for the moment the Clubhouse app is only available for iPhone users for the first time in a long time am currently regretting being an Android lover.
And of course, with its popularity, cybersecurity criminals couldn’t pass up the opportunity to create a fake Clubhouse website embedded with a Trojan known as (BlackRockandroid) to fool users into downloading it, so they can steal the users’ login credentials for over 450 services such as:
- Amazon
- Netflix
- Outlook
- eBay
- Coinbase
- Plus500
- Cash App
- Lloyd Bank and so much more…….
How does it work? The fake app isn’t available on the Play Store, so the attackers circulate malicious links across different social media platforms and eager android users like myself might fall for it and once the link is clicked It then requests the users to log into the app by providing their credentials which once provided is accessed by the Trojan creators and the malicious actors now have control of the unwitting user’s device meaning that they can get access to everything (scary right)!
Why you can easily be fooled The thing is that the fake clubhouse looks exactly like the real iOS clubhouse, and you have countless android users like myself waiting not so patiently for the release of the Clubhouse Android(which should be arriving…), however, once you click on the malicious link that would say ‘Get it on Google Play‘ the application would then directly be downloaded into the user’s computer and which in exchange gives access the attacker, where he can then steal your login credentials.
How to prevent yourself from this attack It’s important to recognize the fake clubhouse website and application is easy as it uses the top-level domain ‘.mobi’ instead of the ‘.com’. When a user downloads the fake clubhouse application, instead of the downloaded application bearing the name ” Clubhouse” it has the name “install” if you see that please delete the program from your computer.
So my fellow android users I would recommend that we be patient and wait for the official release of the app that will be announced on the official clubhouse website, and not fall for the fake app that might leave us bankrupt or hacked.
