A malicious Android Trojan posing as the audio-chat app Clubhouse has been detected by researchers that can compromise over 450 apps.
According to the security analysis carried out by a Slovak internet cybersecurity organization, the Android trojan named BlackRock is a malicious version of the Clubhouse audio-chat app is deployed via a very legitimate and authentic-looking website that has severe mal-abilities.
Severe mal-abilities of the Android trojan:
The Android trojan BlackRock can seemingly bypass the two-factor SMS authentication integrated for most of the apps for security purposes and can steal the login credentials of users of over 450 apps as aforementioned.
Some of the major apps vulnerable to the attack of the BlackRock trojan include apps like Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, Plus500, Cash App, BBVA, and Lloyds Bank.
Deploying the Android trojan “BlackRock”:
Reportedly, the popularity of Clubhouse is the purpose of utilizing the particular app to deliver the trojan in an attempt to setal individual login credentials.
Experts are of the opinion that the android trojan version of the Clubhouse app is a rather well-executed version of the official Clubhouse website.
When a victim clicks on ‘Get it on Google Play, the malicious app gets automatically downloaded on the victim’s device.
In a normal case scenario, for any authentic website, after clicking on ‘Get it on Google Play, users should get directed to the Google Play website or application rather than directly downloading an Android APK.
Once downloaded and installed, the Android trojan BlackRock is deployed through the app and then employs an overlay attack to steal the victim’s login credentials.
Simply put, when the users launch one of the targeted applications, the android trojan will integrate a data-stealing overlay of the application and request the user to log in. Hence, instead of logging in, the users unknowingly submit their credentials to the malicious actors.
The malicious app also asks the victim to enable accessibility services, that can allow the malicious actors to take control of the device.
Clubhouse is yet to comment on the matter of a malicious trojan posing as the app.
The app is currently available on Apple App Store and has been downloaded more than 8 million times. Its Android version is set to arrive soon as the company is working on it.