Researcher Lukas Stefanko of information security company ESET discovered that attackers are using the popularity of the Clubhouse voice chat service to steal user data. To do this, they distribute malware posing as the official Android Clubhouse client. However, no official Android client exists at the moment.
To spread the malware, the cybercriminals use a website that is an exact copy of the original Clubhouse page. ESET products detect the Trojan itself as Android/TrojanDropper.Agent.HLR. It is designed to steal user credentials for 458 online services, including Twitter, WhatsApp, Facebook, Amazon, eBay, Coinbase, Cash App, etc.
“The site looks like the real thing. Quite frankly, this is a well-designed copy of the legitimate Clubhouse website. But as soon as the user clicks ‘Get on Google Play’, the application is automatically downloaded to the device. In contrast, legitimate websites always redirect users to Google Play instead of directly downloading the APK of the app,” said Stefanko.
Experts say that you can avoid this malware by carefully examining the site through which it spreads. The site uses an insecure HTTP connection instead of HTTPS. In addition, it is hosted on a .mobi domain, while the legitimate Clubhouse site operates in the .com domain. Keep in mind that although the developers of the popular service are planning to release an Android version of the Clubhouse client, they have not yet done so. At the moment, Clubhouse voice chats are only available on iOS devices.
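The three warning signs described above (plain HTTP, a host outside the official domain, and a store badge that serves an APK instead of linking to Google Play) can be checked mechanically. The following is an added example, not code from ESET or from the original article; the function name, finding labels, and the example.com / example.mobi hosts are constructed for illustration.

```python
from urllib.parse import urljoin, urlparse

# Host that a genuine "Google Play" badge links to.
PLAY_HOSTS = {"play.google.com"}


def _is_official(host, official_host):
    """True if host is the official host or one of its subdomains."""
    return host == official_host or host.endswith("." + official_host)


def audit_download_page(page_url, badge_href, official_host):
    """Return findings for a page that shows an app-store badge.

    page_url      -- URL of the page being examined
    badge_href    -- href of the store badge (may be relative)
    official_host -- the vendor's known-good host, supplied by the caller
    """
    findings = []
    page = urlparse(page_url)
    host = (page.hostname or "").lower()

    if page.scheme != "https":
        findings.append("page-not-https")

    if not _is_official(host, official_host):
        findings.append("host-not-official")
        # Same name registered under a different TLD (.mobi vs .com).
        if host.rsplit(".", 1)[0] == official_host.rsplit(".", 1)[0]:
            findings.append("lookalike-tld")

    # Resolve relative links against the page so "/files/app.apk" is caught.
    badge = urlparse(urljoin(page_url, badge_href))
    if badge.scheme != "https" or badge.hostname not in PLAY_HOSTS:
        findings.append("badge-not-google-play")
    if badge.path.lower().endswith(".apk"):
        findings.append("badge-direct-apk")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not real indicators.
    print(audit_download_page(
        "http://example.mobi/", "/files/app.apk", "example.com"))
    print(audit_download_page(
        "https://www.example.com/",
        "https://play.google.com/store/apps/details?id=com.example.app",
        "example.com"))
```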