The malware injected by the fake Clubhouse app can target well-known financial and shopping apps, cryptocurrency exchanges, as well as social media and messaging platforms such as Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, and Coinbase.
Audio-based social networking platform Clubhouse, which has gained immense popularity in the last few weeks, is currently limited only to iOS devices. Although it will soon be expanding to Android smartphones also, the Clubhouse app currently available on Google Play Store is fake and it is reportedly injecting malware that is stealing user data.
The imposter Clubhouse application for Android contains a trojan that has been nicknamed “BlackRock”. The malware was spotted by Ireland-based ESET researcher Lukas Stefanko, who has said in a blog post that BlackRock gains unauthorised login credentials from over 450 applications and is also capable of bypassing SMS-based two-factor authentication.