A fake website has appeared offering to download a version of the popular Clubhouse app on Android smartphones.
As stated in the ESET blog, the fake site looks similar to the real site, but is included at joinclubhouse.mobi.
According to the Russian newspaper “Roskaya Gazeta” website, clicking on the “Google Play” store logo (with the signature on the word “Get it”
In Google Play) to download the malicious APK file immediately.
Once you enter the system, the Trojan horse application called “BlackRock” starts running in conjunction with other applications, including “Twitter”, “WhatsApp”, “Facebook”, and others.
Once you enter the system, the Trojan horse application called “BlackRock” starts running in conjunction with other applications, including “Twitter”, “WhatsApp”, “Facebook”, and others.
Instead of the original application window, the user will see a fake window (with a suggestion to enter a username, password, or other personal information). In this way, data is stolen and transferred to hackers.
In total, BlackRock can steal the login credentials of more than 450 different online services. The Trojan horse can also intercept SMS messages to bypass two-factor authentication.
source: sputnik