Time.news – Unwritten rule of cyber attacks: a bit like fishing, you throw the bait where there is something that can bite. The offensives strike by exploiting the interests of users, current news, trends. It is therefore not surprising that some dangers emerge around Clubhouse, the social network of the moment. Not so much for its characteristics as, precisely, for that unwritten rule: around the Clubhouse there are several fish with lowered defenses. And the bait could work.
The analysts of Kaspersky, a company specializing in IT security, have in fact identified “two main risks linked to the popularity of Clubhouse: the sale of invitations and applications that mimic the legitimate app”. In both cases, the interest of users who wish to enter the social rooms is leveraged.
Invitations for sale
A black market is thus proliferating on various channels. A Google search is enough to see ads that refer to eBay appear, with prices ranging from 1 to 30 euros. On Twitter, several accounts sell invitations for 5-15 euros: they ask, if interested, to send a direct message and, in most cases, to have a Paypal account.
Money and data: what are the risks
His Reddit, some discussions arose precisely for the purpose of exchanging invitations. The sale is not excluded, as long as it is real. In fact, one of the most popular threads reports some “scams” and indicates (albeit without providing evidence) five users accused of having dropped the bait.
The moderator asks the sellers to “prove that they are actually on Clubhouse, including through screenshots”. For buyers, he advises to “proceed with caution”, especially when asking for money are “newly created Reddit accounts”. And, if possible, have a chat via chat to understand their intentions. Having said that, however, as in any black market, certainty does not exist. Paying (in advance) does not guarantee effective access to the Clubhouse.
His Telegram, dozens of groups have the same purpose. The most popular has more than 78 thousand subscribers. The manager explains to users (in English and Russian) how it works: indicates a card number on which to credit 7 dollars or 450 rubles. Then send a screenshot certifying payment and the phone number needed to sign up. This is probably the real risk, linked to the data. If the promise of access were not respected, the aspiring member would not suffer significant economic damage: he would lose about ten euros. But he would have carried out an operation with his financial data (credit card or Paypal account) and entrusted his phone number to a stranger.
Audio and video exhibited
In addition to the consequences of an invitation market, Kaspersky reports another, more complex and – immediately – less visible: “Attackers can distribute malicious code through popular fake software, such as a fake version of Clubhouse for Android” . The app, at the moment, is in fact only available for iOS, that is, for a minority slice of the mobile market.
“According to the permissions granted in the security settings of the Android device – explain the Kaspersky experts – the malicious fake application could locate the device with various levels of precision, record audio and video, gain access to messaging apps and much more. other”.
Da Clubhouse ai deep fake
There are also some less common risks. “Attackers could implement audio recording functionality on devices where it is allowed. In this case, they would be able to obtain high quality recordings, to be used to refine machine learning algorithms and create more advanced deep fakes ”. Basically, a user could find himself observing someone with his face, which moves and talks like him. A digital alter ego sold off for a few euros or sold due to inattention.