New Delhi: Cybersecurity researchers on Friday discovered a malicious Android version of the invitation-only audio chat app Clubhouse that is served from a website that has the look and feel of the genuine website.
The Android trojan — nicknamed “BlackRock” by ThreatFabric and detected by Slovak internet security firm ESET — can steal victims’ login credentials for more than 450 apps and bypass SMS-based two-factor authentication.
For starters, Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, Plus500, Cash App, BBVA and Lloyds Bank are all on the list.
“Cybercriminals are attempting to take advantage of the popularity of Clubhouse to deliver malware that aims to steal users’ login information for a variety of online services,” said ESET malware researcher Lukas Stefanko.
The target list includes well-known financial and shopping apps, cryptocurrency exchanges, as well as social media and messaging platforms. Clubhouse was yet to react to the report.
Related stories
Subscribe
- Never miss a story with notifications
- Gain full access to our premium content
- Browse free from up to 5 devices at once
Latest stories