Threat actors are always looking to exploit the popularity of certain products to lure innocent users into downloading malware. In a new take on an old strategy, criminals used Facebook ads promoting a fake Clubhouse app for PC.
Clubhouse, the invite-only audio chat app available only on iPhones, has over 8 million downloads on the App Store. While a PC version of the Clubhouse app is not available yet, threat actors are delivering a fake one through Facebook ads.
Upon clicking the ad, the user sees a fake Clubhouse website that looks quite legitimate, with a screenshot of the non-existent PC version of the app and a download link.
TechCrunch reported that last Wednesday, they learned about several Facebook pages mimicking the Clubhouse brand identity for malicious purposes.
Upon opening, the app creates a connection with the attackers’ C&C server to receive instructions on what to do next. Sandbox analysis of the malware showed the malicious app tried to deploy ransomware on the victim’s device. The fake Clubhouse websites were hosted in Russia and went offline the next day, Thursday.
In total, cybercriminals posted nine Facebook ads between Tuesday and Thursday. Some featured pictures of app co-founders Paul Davison and Rohan Seth.
When TechCrunch reached out to Facebook, the social media company didn’t reveal how many users had clicked on the scam ads.
The ads were later removed from Facebook’s Ad Library, but TechCrunch posted a copy of them online. It is unclear how the ad operators managed to evade Facebook’s checks and post the ads.
In an interesting turn of events, TechCrunch also revealed that the fake Clubhouse app websites, which were hosted in Russia, went offline, and the malware stopped working after receiving an error from the server.
Just a few weeks ago, in March, we reported a similar campaign involving Clubhouse, in which BlackRock malware was disguised as an Android version of the audio chat app.