Over the past year, Clubhouse, an invite-only audio-chat app exclusive for iPhone users, has grown from 1,500 users since its creation in March 2020 to 2.2 million this January. Taking advantage of its popularity, many unofficial copies are now being spread on the Internet, especially for unsuspecting Android users that may want to try the app.
Just last March 16, ESET malware researcher Lukas Stefanko detected a knock-off version of the Clubhouse app, posing as an official release for Android but found to be malware. The counterfeit app was accessed through a copy of the official website, which used a .mobi domain instead of .com.
When visited, the said fake website looked like the official one. However, it replaced the ‘Download on the App Store’ button to ‘Get it on Google Play’. After clicking the button, it would then download the malware directly to the Android device instead of redirecting to the Google Play Store app.
According to ESET, the malicious website claiming to offer Clubhouse for Android spreads banking trojan Blackrock. It lures credentials from 458 apps - financial, cryptocurrency exchanges & wallets, social, instant messaging and shopping apps.
Anti-fraud firm ThreatFabric first uncovered the Blackrock trojan around May last year. The said malware can perform overlay attacks, send, spam and steal SMS messages, lock the victim in the launcher activity, steal and hide notifications, deflect usage of antivirus software on the device and act as a keylogger. Meaning, it can lure users into typing their own credentials, say on Twitter or on eBay.
To avoid this, Android users who are looking forward to using the Clubhouse app should still wait for the official release, which can take a “couple of months” or so, according to Clubhouse co-founder Paul Davison.
The Android release was first teased last January, with Clubhouse saying they “are thrilled to begin work on our Android app soon and to add more accessibility and localisation features so that people all over the world can experience Clubhouse in a way that feels native to them”.