Clubhouse app: How easy it is to exploit Android users, explains security researcher

Clubhouse, the audio-only social app that has garnered popularity quickly because of its very idea and since it has hosted personalities like Elon Musk and Facebook CEO Mark Zuckerberg, still follows an invite-only method for letting others join it. And this might be one of the biggest ways how scammers can exploit users, according to Denis Legezo, security expert at Kaspersky.

Legezo states that both ‘sale of invites' and ‘fake applications' can be used to exploit users who plan to join Clubhouse. While the first scenario deals with monetisation on a small scale, the second scenario is more serious. Using fake applications and invites, attackers can “distribute malicious code under the guise of popular software – for instance, a fake version of Clubhouse for Android.”

Also read: Clubhouse emerges as platform for Thai dissidents, government issues warning

It is worth adding that although Clubhouse does mention that it is iOS-exclusive only for now, many users are not aware of it yet. And these are the same set of people that might be the target for attackers. “A fake malicious application can do exactly what you allow it to do in the security settings of your Android – to get a rough or accurate location of the device, record audio and video, attain access to messengers, etc,” adds the security expert.

Another trick that can be used by them is to record high-quality audio, train machine algorithms and make more sophisticated deep fakes. “The best way to keep safe is to be vigilant about what you download, and to maintain proper security settings on your smartphone,” says Legezo.