The audio-based social media darling Clubhouse is only available on Apple devices, but that didn’t stop a website from offering a phony Android version of the popular iOS-only app. The fake app is spreading trojan malware to its victims, a security researcher has found.
Hackers spoofed the Clubhouse website. The fraudulent website claims to offer an Android version of the app, which links would-be users to the BlackRock trojan malware. The malware is designed to steal account credentials from hundreds of online services.
“The website looks like the real deal. To be frank, it is a well-executed copy of the legitimate Clubhouse website. However, once the user clicks on ‘Get it on Google Play’, the app will be automatically downloaded onto the user’s device,” said malware researcher Lukas Stefanko.
Android users are urged to only install applications from the Google Play store and to protect accounts with 2-factor authentication whenever it’s an option.
Takeaways:
- Do your research before installing any mobile app. Check for reviews and be sure that the app you’re downloading is supported by a known and established developer.
- Only install apps from official app stores like Apple’s App Store, Google Play, or Microsoft Store.
- Protect any accounts, especially those with access to sensitive or valuable personal data with 2-factor authentication whenever possible.