BlackRock Malware Reappears On Play Store Posing As Clubhouse App

Popular audio chat app Clubhouse has now made it to the news for a not-so-good reason.  A malicious app, posing as Clubhouse Android app appeared online that targeted users with BlackRock malware.

BlackRock Malware As Clubhouse App on Android

Security researchers from ESET have spotted a malicious BlackRock campaign targeting Android users. This campaign leverages the popularity of the Clubhouse app as the malicious application also poses as Clubhouse on Play Store.

Clubhouse is an audio-chat app allowing up to 5000 users to communicate. Currently, the app is only available on iOS as an invite-only app.

Sharing the details in a post, they stated that the malicious application appears as an invite-only version of Clubhouse. Whereas, it also links back to a fake site that impersonates the original Clubhouse website.

As Lukas Stefanko, ESET researcher who discovered this malicious app, stated,

The website looks like the real deal. To be frank, it is a well-executed copy of the legitimate Clubhouse website. However, once the user clicks on ‘Get it on Google Play’, the app will be automatically downloaded onto the user’s device. By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit or APK for short.

When downloaded, the app actually drops the BlackRock malware on the target device.

BlackRock is an Android infostealing malware that first caught attention in 2020. At that time, the malware had over 300 different apps on its target list.

However, with the recent campaign, the malware aims at 458 applications that include various financial apps, crypto wallets, e-commerce apps, social media, and IM apps.

Once installed, the malware strives to steal users’ credentials for all the target apps via overlay attacks. Users can’t even protect their credentials via 2FA since the malware also intercepts texts. Plus, it also exploits Android Accessibility Suite to take control of the device.

Stay Wary Of Malicious Apps

According to Stefanko, if users remain vigilant while downloading apps from any website, they can easily identify legit and fake apps.

For instance, in the case of Clubhouse malicious app, the fake website, despite the great resemblance to the original site, lack HTTPS and had a different domain.

Fake Clubhouse website (left) vs the original site (right). Source: ESET

Also, users can implement various security best practices to stay safe from such threats. These include downloading apps from official app stores only, reviewing app permissions before installing an app, keeping the device OS and apps updated, and switching to stronger 2FA methods instead of conventional SMS.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil