Clubhouse for Android? No, it's a fake hiding malware

People seem to always want things they can’t have. It can be a dangerous way of thinking and can lead to unintended consequences. The latest example is the invite-only social media site Clubhouse. Tap or click here to see what Clubhouse is.

The audio chat application has steadily been rising in popularity because not everybody who wants it has it. This creates an unrealistic drive to acquire access, and in some cases, people have been swindled out of money in pursuit of it.

Fairly unknown until Elon Musk tweeted about it, Clubhouse is only available on iOS for now. There are plans to release an Android version, which has spurred scammers to target those who want access at whatever cost.

Here’s the backstory

Invitation-only is a very effective way to create intrigue. It takes a page from basic economics and turns it into a must-have among those who don’t have access. Cybercriminals are using this to trick people into downloading a fake version of Clubhouse.

The app is officially only available for iOS devices, but scammers have set up a bogus website where you can download an imposter Android version. To be clear, there is no Android version (yet), but the website has been made to look very authentic.

The site is similar to the real Clubhouse page, so it’s easy for people not to recognize that it’s completely fake. But instead of having the button for the iOS download, it has been replaced with a “Get it on Google Play” button.

Here’s why it’s dangerous

In addition to there being no official Android app, cybersecurity company ESET did some digging into the app’s code. They found the hallmarks of malicious code, and when it’s installed on your phone, it can steal your banking info.

“The Trojan – nicknamed ‘BlackRock’ by ThreatFabric and detected by ESET products as Android/TrojanDropper.Agent.HLR – can steal victims’ login data for no fewer than 458 online services,” ESET’s Amer Owaida wrote in a blog post.

Here are some of the services the malicious app can steal information from:

Continue reading

The online security mistake you're making right now - and how to fix it

If you stay logged in to your online accounts across your devices, you can access what you need quickly. Your username and password are safe if you’re signed into your own devices, right? Wrong.

You might save you a few seconds here and there, but this practice opens you up to being snooped on by a nosy friend, partner or coworker — and it could cause even more trouble if someone you don’t know gets their hands on your device. A cybercriminal can have a field day with your Amazon account, digital wallet, social media accounts or banking info.

Continue reading

Thousands on imposter websites are stealing your banking info

Open/download audio

Scammers are operating websites masquerading as major brands. I’ll tell you what to look out for, in one minute.