A new malicious app is being advertised that pretends to be an Android version of the Clubhouse application, which is currently only available on iOS. Clubhouse is an invitation-only audio chat app that allows users to listen in on conversations in real time. ESET researchers discovered the fake Android application being distributed through a cloned Clubhouse website. The cloned website uses a link labeled “Get it on Google Play,” though the application has been blocked by the Google Play security functions. The button is being used to trick people into believing the application is coming from the Google Play store. Once downloaded, the malicious application will download a malicious .APK that deploys the BlackRock banking trojan. The trojan was discovered in 2020 and was traced back to Xerxes and LokiBot, both of which had source code leaked online. The trojan can intercept and tamper with SMS messages, hide notifications, redirect users to their device’s home screen if they attempt to run antivirus software, and can be used to remotely lock screens. Not only can BlackRock steal device information and text messages, but it can also steal content from approximately 458 online services.