Clubhouse app for Android is fake — download at your own risk

Clubhouse App
(Image credit: Unsplash)

While Clubhouse has seen a surge in popularity on iOS devices over the past few months, Android smartphones have been left out of the loop. Now, hackers are looking to take advantage of the Google Play Store's lack of the audio-chat app by offering a download for Android. Guess what? It's malware.

Security research team ESET discovered a trojan program on a fake Clubhouse website offering the audio chat app for Android. Whatever you do, don't download it. 

Clubhouse on Android is fake

Currently, the invitation-only chat app is exclusively available on the App Store, which means an official Android version doesn't exist (yet). However, a very similar-looking Clubhouse website under the address "joinclubhouse[.]mobi” states otherwise, tricking Android users into believing Clubhouse has finally arrived.

Unfortunately, the fake website is a front to deliver malicious malware that can steal a victim's private login information for up to 458 online services. This includes cryptocurrency exchanges, messaging apps such as Whatsapp, as well as popular social media platforms including Twitter, Facebook, Amazon, Netflix, and more.

“The website looks like the real deal. To be frank, it is a well-executed copy of the legitimate Clubhouse website," said malware researcher Lukas Stefanko. "However, once the user clicks on ‘Get it on Google Play’, the app will be automatically downloaded onto the user’s device. By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit, or APK for short.”

If a user does get duped into downloading it, the trojan program, known as "BlackRock," will create an overlay on a list of targeted apps, asking users to log in when they open one of the apps. Once the user puts in their credentials, the overlay will record the login information for hackers to see and, of course, use.

What's worse, the malware can even bypass SMS-based two-factor authentication, as ESET research states it can intercept text messages. Yikes.

In any case, don't download any Clubhouse app for Android, as it definitely doesn't exist yet. However, there's hope for Android users as Clubhouse co-founder Paul Davison has said the popular app will launch on Android "in a couple of months." If you are looking to download the audio-chat app, head over to the official site or the App Store

Darragh Murphy

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.