That Android version of Clubhouse? It’s probably malware.

No, Clubhouse isn’t available for Android yet. But in the meantime, hackers are trying to exploit its popularity by releasing malware disguised as an Android version of the audio chat app.

Antivirus provider ESET spotted the Trojan program. A fake Clubhouse website at “joinclubhouse[.]mobi” has been circulating the dangerous app over the internet. The site itself looks identical to the real Clubhouse website, but it claims to offer an Android version of the app from the Google Play Store. However, if you download it, the Trojanized program will attempt to steal your logins from 458 online services, including social media platforms, cryptocurrency exchanges, and banking apps. 

Although the fake website claims to offer the Clubhouse app from the Google Play Store, it’ll actually deliver the program via its own server—a notable red flag. Once installed, the Trojan will then try to steal passwords by generating a fake login window over the apps you open, such as Facebook, Twitter, or Netflix. The fake window will then record whatever you type, and ferry off your passwords to the hacker’s server. 

“Using SMS-based two-factor authentication (2FA) to help prevent anyone from infiltrating your accounts wouldn’t necessarily help in this case, since the malware can also intercept text messages,” ESET added. “The malicious app also asks the victim to enable accessibility services, effectively allowing the criminals to take control of the device.”

It’s true Clubhouse is working on an Android version of the app. But it probably won’t arrive for a few more months. Expect it to be released on the company’s official website and via the Google Play Store. As for the fake “joinclubhouse[.]mobi” website, it currently triggers a malware warning if you attempt to visit it on the Chrome browser.

This article originally published at PCMag
here