Like the (yet not) Android version of that app, the malicious package is distributed from a website See and feel General Real Clubhouse Website . Trojan – nickname “ Black rock ”Detected by ThreatFabric and by ESET products such as Android / TrojanDropper.Agent.HLR – which can steal users’ access data on at least 458 online services.

An ESET investigation has exposed cybercriminals ‘attempt to take advantage of the popularity of the Clubhouse audio chat app to provide malware designed to steal users’ access information on various online services.

The target list includes well-known financial and commercial applications, cryptocurrency transactions and social media and news sites. Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, Plus 500, Cash App and BPVA are all on the list.

“It simply came to our notice then. In fact, it’s a well – executed copy of Clubhouse’s official website. However, after the user clicks ‘Get on Google Play’, the application will be automatically downloaded to the user’s device. Instead, legitimate websites redirect users to Google Play instead of directly downloading the Android Play package kit or APK, ”commented Lucas Stefanco, ESET’s malware analyst responsible for the discovery.

ESET also states that there are signs that something is wrong before the button is clicked because the connection is not secure (HTTP instead of HTTPS) or the site uses a top-level domain called “.mobi” instead. The proper use of “.com”. Another warning sign is that the clubhouse has a plan Android version of your app Soon, the operating system will only be available for the iPhone at the moment.