Black market for invitations and fake apps: the risks around Clubhouse

by time news

Time.news – An unwritten rule of cyber attacks: a bit like fishing, you cast the bait where something can bite. Attacks strike by exploiting users' interests, current news and trends. It is therefore not surprising that some dangers are emerging around Clubhouse, the social network of the moment. Not so much because of its characteristics as, precisely, because of that unwritten rule: around Clubhouse there are several fish with lowered defenses. And the bait could work.

The analysts of Kaspersky, a company specializing in IT security, have in fact identified “two main risks linked to the popularity of Clubhouse: the sale of invitations and applications that mimic the legitimate app”. In both cases, the interest of users who wish to enter the social rooms is leveraged.

Invitations for sale

“The first scenario,” says Denis Legezo, security expert at Kaspersky, “is the simplest and consists of monetization on a small scale.” Clubhouse allows registration only through invitations, available to those who are already on the platform. Given the crowd at the entrance, far more users want to get in than there are invitations available. As per the law of supply and demand, these passes have therefore acquired value. And someone started selling them (or pretending to sell them). Nothing contrary to the rules: Clubhouse conceived the mechanism as free, but in the terms of use there is no explicit prohibition on monetizing the invitations (also because demonstrating the exchange of money would be anything but simple).

A black market is thus proliferating on various channels. A Google search is enough to bring up ads pointing to eBay, with prices ranging from 1 to 30 euros. On Twitter, several accounts sell invitations for 5-15 euros: they ask those interested to send a direct message and, in most cases, to have a PayPal account.

Money and data: what are the risks

On Reddit, some discussions have sprung up precisely for the purpose of exchanging invitations. Selling is not ruled out, as long as the offer is genuine. In fact, one of the most popular threads reports some “scams” and names (albeit without providing evidence) five users accused of having cast the bait.

The moderator asks the sellers to “prove that they are actually on Clubhouse, including through screenshots”. He advises buyers to “proceed with caution”, especially when those asking for money are “newly created Reddit accounts”. And, if possible, to talk with them via chat to understand their intentions. Having said that, however, as in any black market, there is no certainty. Paying (in advance) does not guarantee actual access to Clubhouse.

On Telegram, dozens of groups have the same purpose. The most popular has more than 78 thousand subscribers. The manager explains to users (in English and Russian) how it works: he gives a card number to which 7 dollars or 450 rubles should be sent. The buyer then sends a screenshot certifying payment and the phone number needed to sign up. This is probably the real risk, linked to the data. If the promise of access were not kept, the aspiring member would not suffer significant economic damage: he would lose about ten euros. But he would have carried out a transaction with his financial data (credit card or PayPal account) and entrusted his phone number to a stranger.

Audio and video exposed

In addition to the consequences of an invitation market, Kaspersky reports another risk, more complex and, at first glance, less visible: “Attackers can distribute malicious code through popular fake software, such as a fake version of Clubhouse for Android”. The app, at the moment, is in fact only available for iOS, that is, for a minority slice of the mobile market.

“According to the permissions granted in the security settings of the Android device,” explain the Kaspersky experts, “the malicious fake application could locate the device with various levels of precision, record audio and video, gain access to messaging apps and much more”.

From Clubhouse to deepfakes

There are also some less common risks. “Attackers could implement audio recording functionality on devices where it is allowed. In this case, they would be able to obtain high quality recordings, to be used to refine machine learning algorithms and create more advanced deep fakes”. Basically, a user could find himself watching someone with his face, who moves and talks like him. A digital alter ego sold off for a few euros or given away through inattention.
