If you're an Android user feeling left out of the invite-and-iOS-only Clubhouse hype, be extra cautious about fake versions in the app marketplace. Malware researcher at EST Lukas Stefanko reports that cybercriminals have created a fake Android version of Clubhouse that tricks people into handing their user credentials over through the standard login process.
Stefanko says that the fake app is able to harvest user credentials from 458 online sites including financial, retail service, digital currency, and even messaging programs. If a user downloads this fake Clubhouse app, cybercriminals can access their Coinbase, Netflix, Amazon, Facebook, Twitter, and bank-related information.
The fake Clubhouse app comes with a trojan titled "BlackRock" which creates an overlay attack, according to Stefanko. This attack will launch an app for the user and create an overlay of the program. Once it does so, it asks the user to log into the app by asking for their credentials, which then end up with the creators of the trojan. BlackRock then harvests these credentials, giving cybercriminals invasive control of unwitting users’ devices.
Clubhouse sparks copycats — This kind of exploitation was bound to happen as the Clubhouse wave is impossible to deny. The stats for the audio app paint a picture of stunning meteoric success in relatively short time. A February study of the app showed that Clubhouse boasted 600,000 weekly active users in December 2020. It currently brags 10 million weekly active users, according to the research. Its value of $100 million in May 2020 shot up and currently stands at $1 billion.
Prominent venture capitalist firms like Andreessen Horowitz have supplied major investment in the app alongside more than 180 organizations. In the Apple App Store, Clubhouse is enjoying a cozy spot at number five for "social networking" programs, per TechRadar. It’s not wrong to say that Clubhouse is currently the king of all audio apps.
Naturally, a rat race ensues when an app wins a global following. Twitter has tried competing with a tepid equivalent called Spaces, Facebook is speculated to be working on a parallel, even billionaire entrepreneur Mark Cuban is trying to break into the market with Fireside. But while some try to complete fairly in the marketplace, others just take the easy way out and let malware do the work.