Cybercriminals have taken out a series of Facebook ads disguised as a Clubhouse app for PC users to target unsuspecting victims with malware, TechCrunch has learned.
TechCrunch was warned on Wednesday about Facebook ads tied to several Facebook pages mimicking Clubhouse, the drop-in audio chat app only available on iPhones. Clicking on the ad opens a fake Clubhouse website, including a mocking screenshot of what the non-existent PC app looks like, with a download link to the malicious app.
When opened, the malicious app tries to communicate with a command and control server for instructions on what to do next. A sandbox analysis of malware showed that the malicious app was trying to infect the isolated machine with ransomware.
But overnight, the fake clubhouse sites ̵
It is not uncommon for cybercriminals to tailor their malware campaigns to piggyback from the successes of wildly popular apps. Clubhouse has reportedly topped more than 8 million global downloads to date despite an invite-only invitation. This high demand prompted a cabinet to reverse engineer the app to build bootleg versions of it to evade Clubhouse’s gated walls, but also government censorship where the app is blocked.
Each of the Facebook pages that mimicked Clubhouse had only a handful of likes, but were still active at the time of publication. When Facebook reached it, he would not say how many account owners had clicked on the ads pointing to the fake clubhouse sites.
At least nine ads were placed this week between Tuesday and Thursday. Several of the ads said the clubhouse “is now available for PC,” while another featured a photo of co-founders Paul Davidson and Rohan Seth. The clubhouse did not return a request for comment.
The ads have been removed from Facebook’s Ad Library, but we have published a copy. Nor is it clear how the ads initially did it through Facebook’s processes.