Click to Skip Ad
Closing in...

Don’t get fooled by this fake, malicious version of the Clubhouse app

Clubhouse app

The new audio-centric Clubhouse app is the latest social network that everyone is buzzing about, with the new app’s cachet having risen so precipitously that it’s attracted participation from big tech industry names like Bill Gates and Elon Musk — while Facebook is going so far as to try to cobble together its own knock-off version of the service to blunt its growth. Heck, Facebook CEO Mark Zuckerberg himself has even put in an appearance during one of the Clubhouse “shows,” which are essentially these audio-only gatherings that include a host and guests who are allowed a pretty open filter to say what they want, while you, the audience, can listen in real time.

And here’s one of the most important details to note right now about Clubhouse: At the time of this writing, the Clubhouse app is still iOS-only. During the most recent Clubhouse “Townhall” event over the weekend, Clubhouse co-founder Paul Davison said that an Android app launch for Clubhouse is at least a “couple of months” away, now that the company has hired an Android software developer. In the interim, however, hackers are trying to take advantage of the fact that people are anxious for an Android version of Clubhouse to arrive.

Today's Top Deal Amazon just kicked off a massive new sale — see all the best deals right here! Price:See Today's Deals! Buy Now Available from Amazon, BGR may receive a commission Available from Amazon BGR may receive a commission

Indeed, according to antivirus provider ESET, cybercriminals are attempting to take advantage of Clubhouse’s popularity to trick people into falling for a malware scheme.

ESET malware researcher Lukas Stefanko found a Trojan program on a fake Clubhouse website (at “joinclubhouse[.]mobi”) that looks identical to the real thing, but for the obvious giveaway — that it claims to offer an Android version of the Clubhouse app from the Google Play Store, which, again, does not exist yet. Per Stefanko’s analysis, if you download this particular faux Clubhouse app, the Trojan program will start working to try and steal your login credentials from more than 450 apps and services like social media sites, in addition to bypassing SMS-based two-factor authentication.

The “BlackRock” Trojan actually targets at least 458 online services, including shopping apps, cryptocurrency exchanges, and popular services that include Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, Coinbase, and the Cash app, to name a few.

“The website looks like the real deal,” Stefanko says. “To be frank, it is a well-executed copy of the legitimate Clubhouse website. However, once the user clicks on ‘Get it on Google Play’, the app will be automatically downloaded onto the user’s device. By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit, or APK for short.”

Other red-flags to be aware of, besides the most obvious one (that Clubhouse itself has said an Android version is still months away), Stefanko adds that you can see something is not right by noting that the connection is not shown as HTTPS once the user taps the fake “Get it on Google Play” option. Also, the site uses the top-level domain “.mobi” rather than the “.com” used by the actual app. So, again, beware of schemes like these to capitalize on the app’s popularity — and take advantage of unsuspecting users.

Today's Top Deal Amazon just kicked off a massive new sale — see all the best deals right here! Price:See Today's Deals! Buy Now Available from Amazon, BGR may receive a commission Available from Amazon BGR may receive a commission

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.




Popular News