How trojan virus disguised as Clubhouse android app spread

Written By Ross Francis

Launched in April last year, Clubhouse is an audio-chat app that allows groups up to several thousand strong to drop into rooms to voice chat about various topics. Since its launch, it has seen widespread popularity and has been downloaded by around 13 million people, leaping from about 3.5 million in February.

Currently, the Clubhouse app is only available on iOS, and the Android version is being eagerly awaited by millions of potential users. Cybercriminals saw this as an opportunity and released an Android version of the app, which was disguised as malware designed to harvest a victim’s data.

An expert cybersecurity company ESET were the first to notice the Trojan, and have warned that the malware can steal login credentials from over 450 apps and bypass SMS-based two-factor authentication.

On the malware’s target list are numerous popular social media and messaging platforms, financial apps, and shopping sites including Twitter, WhatsApp, Facebook, Amazon.

How did it happen?

Just like the story of the Trojan Horse from antiquity, the Trojan malware appears to be something that you want — in this case, it was the Android version of the Clubhouse app which was available from a website designed to mimic Clubhouse’s official website. However, users attempting to download the app were instead duped into downloading a package nicknamed ‘BlackRock,’ also known as Android/TrojanDropper.Agent.HLR.

Once a Trojan has access to your computer, the consequences can be far-reaching. The majority of Trojans can have the ability to take full control of your device, and it can also mean that anything you do on the computer gets recorded and sent to a server specified by the Trojan.

Unsurprisingly, this can be very damaging, no more so than if you use your device for financial transactions, as the Trojan can send your credit card or banking information to malicious actors.

How does the "BlackRock" Trojan work?

In this particular case, to steal data, the Trojan creates an overlay attack every time the user opens one of the targeted apps. The victim is prompted to log in to the app and if they do, cybercriminals get access to their credentials.

The malware can intercept text messages, bypassing two-factor authentication, and even asks the victim to enable accessibility services, which turns your device into a zombie, while criminals have full control over it.


How could it have been prevented?

As with protecting against most common cybersecurity threats, Vambrace always prioritises effective cybersecurity software as your front line of protection. Our effective internet security solutions run fast and frequent scans which warn you as soon as a Trojan is detected on your system.

Here are a few of our recommendations on best practices on how to protect yourself from a Trojan attack similar to the one we have seen coming from the clandestine Android Clubhouse app:

  • Never download or install software from a source you are not completely sure is safe.

  • Never open an attachment or run a programme that you received in an email from an unknown sender.

  • Always make sure that the software on your computer has the latest updates.

  • Install Trojan antivirus software and make sure it is running on all devices possible.

For more information on how to ensure that your business is cyber-secure, check out the rest of our blog. For further guidance on anything cyber-related, get in touch with one of our cybersecurity experts here.

Ross Francis
Previous

Cyber Stories: American hospitals fall victim to ransomware attack
Next

Vambrace’s Partnership with Snyk