Cybercriminals have run a number of Facebook ads posing as a Clubhouse app for PC users in order to target unsuspecting victims with malware, TechCrunch has learned.
TechCrunch was alerted on Wednesday to Facebook ads linked to several Facebook pages mimicking Clubhouse, the audio chat app available only on iPhones. Clicking on an ad would open a fake Clubhouse website, which included a simulated screenshot of what the non-existent PC app would look like, along with a download link to the malicious app.
When opened, the malicious application attempts to communicate with a command and control server for instructions on what to do next. A sandbox analysis of the malware showed that the malicious application attempted to infect the isolated machine with ransomware.
But overnight, the bogus Clubhouse websites – which were hosted in Russia – were taken offline. As a result, the malware also stopped working. Guardicore’s Amit Serper, who sandboxed the malware on Thursday, said the malware received a server error and did nothing more.
It is not uncommon for cybercriminals to tailor their malware campaigns to take advantage of the success of extremely popular applications. Clubhouse has reportedly surpassed 8 million downloads worldwide to date despite an invitation-only launch. This high demand has prompted a rush to reverse engineer the app and create bootleg versions, both to escape the closed walls of Clubhouse and to evade government censors where the app is blocked.
The Facebook pages masquerading as Clubhouse each had only a handful of likes, but were still active at the time of publication. When reached, Facebook did not say how many account owners had clicked on the ads pointing to the bogus Clubhouse websites.
At least nine ads were placed this week between Tuesday and Thursday. Several of the ads stated that Clubhouse “is now available for PC,” while another featured a photo of co-founders Paul Davison and Rohan Seth. Clubhouse did not return a request for comment.
The ads have been removed from the Facebook Ads Library, but we’ve released a copy. It’s also unclear how the ads got through Facebook’s processes in the first place.