ESET malware researcher Lukas Stefanko found a clone of the official Clubhouse website pushing the BlackRock malware. And because the official website is so simple, it’s not too difficult to make a perfect copy of it. Though naturally, there’s something that gives its identity as a poser away. One is that it uses the .mobi domain rather than .com that the official Clubhouse website uses. The other is that the Apple App Store download button is replaced with one for the Google Play Store. And when you do hit the button, rather than redirecting you back to the Google Play Store like most legit apps, it downloads the malware to your device directly.
— ESET research (@ESETresearch) March 16, 2021 The ESET report on the fake Clubhouse for Android website also explains the nature of the BlackRock Trojan type malware. What it does is scans your device for login data and steals them. And it does so for over 458 online services, from messaging and social media apps all the way to shopping and banking. It’s a sophisticated attempt to infect victims to be sure, but not being one is, in contrast, pretty simple. And it’s down to simply killing the FOMO and accepting that Clubhouse for Android is a few months away. (Source: ESET)
