Beware fake Clubhouse invitations spreading virus on Android
Android smartphone users have been warned of fake Clubhouse invitations that hide a malicious trojan virus.
ESET researcher Lukas Stefanko discovered that malicious messages inviting users to download the Clubhouse app for Android actually spread the Blackrock malware, which is capable of compromising login and payment credentials for a variety of platforms on the user’s smartphone once installed.
Clubhouse is a popular and exclusive audio chat social network that was launched in April 2020 and is currently only available on iPhone.
It is an invite-only platform, which means that unless someone who already has the application invites you to sign up, you will be unable to use it.
The malware in this case is spread via a copy of the Clubhouse website, with the only notable change to the content of the web page being the replacement of the App Store logo with the Google Play Store logo.
If the user taps the “Get it on Google Play” button, the app will be automatically downloaded onto their device.
This is a warning sign, as this button should normally open the Google Play app on the user’s smartphone, where they would be able to download the app from an official app store.
There are also other warning signs on the fake Clubhouse website. Most notably, the website has no secure connection and has an HTTP URL instead of HTTPS.
It is also on the .mobi domain, not the .com domain used by the real “www.joinclubhouse.com” website.
There is currently no Android version of the Clubhouse app and any applications currently claiming this likely contain malware.
Rise of Clubhouse
Clubhouse has garnered much attention and popularity throughout the COVID-19 pandemic, with the app purporting to focus specifically on the security of audio conversations.
It has been endorsed by Elon Musk, who has used it to speak with Kanye West and invited Vladimir Putin to speak with him on the platform.
In its first year, the application was downloaded by nearly 13 million iPhone users.
The company has stated that an Android version of its applications will be coming soon, although there is currently no confirmed release date.