Hi Guys,

According to ESET researcher, Lukas Stefanko Cybercriminals are currently targeting Android users with a fake version of the hugely popular Clubhouse App to steal login credentials for hundreds of online services. Here is how it works and also how to protect yourself:

How Does it Work

  • Android users are lured to a fake Clubhouse web page where they can download the malicious software disguised as Clubhouse for Android.
  • The fake webpages that these hackers are using look very real.
  • Once downloaded, the malware will run in the background and copy and send nearly every username and password you type on your device.
  • The malware is configured to listen out for passwords for nearly 500 online services such as Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, and Lloyds Bank.
  • The malware can even get around 2 Factor Authentication by intercepting the 2FA message before the user sees it.

How can you protect yourself?

  • Clubhouse is not available for Android yet so any sites offering it should be avoided.
  • Only download apps from the official Google Play Store.
  • Use our website checker before you visit any websites. We can tell you instantly if the site is safe or not.
  • Use our app audit feature to check what permission apps have on your phone. Does the torchlight app need to be able to record your screen?

Let me know if you need any help with this or with anything else.

All the best,

Max Roberts,
Incognito Privacy Care Team.