
3.8 Billion Phone Numbers of Clubhouse Users up for Sale on Dark Web

 


On a hacking forum, a threat actor has begun selling the confidential database of Clubhouse, which contains 3.8 billion phone numbers. According to the threat actor, the company "saves/steals each user's phonebook" in a confidential database, which the actor is now selling. According to the seller, the secret database has 3.8 billion phone numbers (cell phones, fixed, private, and professional numbers), each of which is given a score (the number of Clubhouse users who have this phone number in their phonebook).

The threat actor shared a link to a sample of data from the database, which included phone numbers for approximately 83.5 million Japanese consumers. Cyber News researchers revealed the personal data of 1.3 million Clubhouse users had been exposed online in April 2021. 

Clubhouse refuted these charges in a statement to news agency IANS, saying, "There are a series of bots creating billions of random phone numbers." Speaking about the alleged "secret database of Clubhouse," the company clarified, "in the event that one of these random numbers happens to exist on our platform due to mathematical coincidence, Clubhouse's API returns no user identifiable information."

Several specialists have weighed in on the matter, dismissing the hacker's claims. According to security researcher Rajshekhar Rajaharia, a list of phone numbers such as the one in this case may be easily constructed, and the data leak claim appears to be false. Sunny Nehra, another researcher, pointed out that the threat actor is very new to that forum, is the least engaged, and is prone to making such "lame claims."

"Days after scraped data from more than a billion Facebook and LinkedIn profiles, collectively speaking, was put for sale online, it looks like now it’s Clubhouse’s turn. The upstart platform seems to have experienced the same fate, with an SQL database containing 1.3 million scraped Clubhouse user records leaked for free on a popular hacker forum," reported CyberNews.

Clubhouse is an iOS and Android social audio app that allows users to speak in voice chat rooms with thousands of people. Live talks are held on the audio-only app, and users can engage by speaking and listening. Conversations may not be recorded, transcribed, duplicated, or disseminated without prior consent, according to Clubhouse guidelines. In a funding round in April 2021, venture capitalists valued Clubhouse at roughly $4 billion. 

Cybercriminals Used Facebook Ads to Lure Users into Installing the Fake Clubhouse App

 

Audio-only app Clubhouse has gained huge success over the last few months, and attackers are now abusing the reputation and fame earned by the app by running Facebook ads that promote a Clubhouse app for PC in order to deliver malware. Notably, the attackers have fallen back on an old tactic, because a PC version of the Clubhouse app has not yet been released.

The Clubhouse app has nearly 8 million downloads so far. Malware designers have therefore been busy taking advantage of Clubhouse's rising popularity, creating what they claim is a Clubhouse client for PCs and then promoting it through ads on Facebook to get users to download the app.

As per a report by TechCrunch, this fake app is full of links to malware. The app also contains a screenshot of the fictional Clubhouse app for desktops, as visualized by the threat actors. Once users download and install the malicious app, it contacts a “command and control” server to perform various tasks. According to the report, running the app inside a secure “sandbox” disclosed that the malicious app tries to corrupt a desktop with ransomware.

Each Facebook page posing as Clubhouse had only a handful of likes, but the pages were still running at the time of publication. When TechCrunch reached out to Facebook, the company did not say how many users had clicked on the ads directing to the fake Clubhouse websites.

In total, nine ads were posted this week between Tuesday and Thursday. Most of the ads carried a similar tagline that read: Clubhouse “is now available for PC,” while another featured a photo of co-founders Paul Davison and Rohan Seth. Meanwhile, Clubhouse did not return a request for comment.

Fake advertisements appear on social media platforms frequently and can slip through the net with ease, so it is important that account owners are aware of the risks that come with all advertisements on social media. Although social networks will take down fake adverts once they are reported, users must also err on the side of caution when clicking on any advert, and further research is always advised before going on to download anything. This incident brings to light the fact that not all ads can be trusted on any social media platform.