While Clubhouse has seen a surge in popularity on iOS devices over the past few months, Android smartphones have been left out of the loop. Now, hackers are looking to take advantage of the Google Play Store's lack of the audio-chat app by offering a download for Android. Guess what? It's malware.
Security research team ESET discovered a trojan program on a fake Clubhouse website offering the audio chat app for Android. Whatever you do, don't download it.
- What is Clubhouse and why is Facebook cloning the voice chat app?
- Best phone deals in March 2021
- Samsung Galaxy S21 FE may arrive in August — here's what we know
Clubhouse on Android is fake
Currently, the invitation-only chat app is exclusively available on the App Store, which means an official Android version doesn't exist (yet). However, a very similar-looking Clubhouse website under the address "joinclubhouse[.]mobi” states otherwise, tricking Android users into believing Clubhouse has finally arrived.
Unfortunately, the fake website is a front to deliver malicious malware that can steal a victim's private login information for up to 458 online services. This includes cryptocurrency exchanges, messaging apps such as Whatsapp, as well as popular social media platforms including Twitter, Facebook, Amazon, Netflix, and more.
“The website looks like the real deal. To be frank, it is a well-executed copy of the legitimate Clubhouse website," said malware researcher Lukas Stefanko. "However, once the user clicks on ‘Get it on Google Play’, the app will be automatically downloaded onto the user’s device. By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit, or APK for short.”
If a user does get duped into downloading it, the trojan program, known as "BlackRock," will create an overlay on a list of targeted apps, asking users to log in when they open one of the apps. Once the user puts in their credentials, the overlay will record the login information for hackers to see and, of course, use.
What's worse, the malware can even bypass SMS-based two-factor authentication, as ESET research states it can intercept text messages. Yikes.
In any case, don't download any Clubhouse app for Android, as it definitely doesn't exist yet. However, there's hope for Android users as Clubhouse co-founder Paul Davison has said the popular app will launch on Android "in a couple of months." If you are looking to download the audio-chat app, head over to the official site or the App Store.