- The clubhouse app has gotten increasingly popular across the globe.
- The fake app looks identical to the original Clubhouse and can easily trick users to download it
- The app carries Blackrock malware which can gain illegal access to your WhatsApp, Facebook .
The clubhouse app has gotten increasingly popular across the globe. The audio-only app has garnered over 13 million downloads so far. However, now a fake app masquerading as Clubhouse is installing harmful malware on the user's phone. The fake app looks identical to the original Clubhouse and can easily trick users to download it. The app carries Blackrock malware which can gain illegal access to your WhatsApp, Facebook and other important apps.
The cybercriminals are trying to dupe users to download the fake Clubhouse app so that they can steal users' login information for a lot of online services.
As per ESET researcher Lukas Stefanko's findings, the app carrying the dangerous malware has the look and feel of the invitation-only audio chat app, Clubhouse. "Malicious web claiming to offer #Clubhouse for Android spreads banking trojan Blackrock. It lures credentials from 458 apps - financial, cryptocurrency exchanges & wallets, social, IM and shopping apps. There is currently no official Clubhouse app for Android," ESET research has posted on Twitter.
The researcher has discovered that the malware is delivered to your phone through a website and not Google Play Store. Interestingly, the app is only available for iPhone users so there is no question of it being on the Google Play Store.
The cybercriminals have copied the iOS app's website description of the original Clubhouse to make it look authentic. The exact look and the UI have been aped to easily fool the users. The website carries a link with "Get it on Google Play" written on it. When you tap on the button, the app gets downloaded on your phone automatically. So instead of taking you to the Google Play Store first, the website directly installs the app on your phone. Things do not happen this way usually. If there is a genuine app link to the Google Play Store, it will first open the play store site. You will have to manually hit the download button to get the app. So this is a clear indication that the app is fake. Another thing that is amiss with the link is that it does not have a secure connection. The site uses Mobi instead of .com.
"The website looks like the real deal. To be frank, it is a well-executed copy of the legitimate Clubhouse website. However, once the user clicks on 'Get it on Google Play, the app will be automatically downloaded onto the user's device. By contrast, legitimate websites would always redirect the user to Google Play, rather than directly download an Android Package Kit or APK for short," said Stefanko.
The blog also states that once the malware gets downloaded on your phone, it can steal your login data for over 458 online services. The list includes popular shopping, streaming, and financial apps along with social media apps. To name a few, the malware can collect your login data for Twitter, WhatsApp, Facebook, Amazon, Netflix, Outlook, eBay, and more.
So in order to keep your device safe from such malware use only the official app stores such as the Google Play Store or Apple App Store to download an app. If you feel something is fishy with the app, do a bit of research on it before downloading it.