Cybercriminals have taken out a number of Facebook ads posing as a Clubhouse app for computer users in order to target unsuspecting victims, TechCrunch has learned.
TechCrunch was alerted on Wednesday to Facebook ads linked to several Facebook pages posing as Clubhouse, an audio chat app available only on iPhones. Clicking on an ad opens a fake Clubhouse website, which includes a ridiculous screenshot of what the non-existent computer application supposedly looks like, along with a link to download the malicious application.
When opened, the malicious application tries to communicate with a command-and-control server to get instructions on what to do next. One analysis of the malware in a protected environment showed that the malicious application attempted to infect the isolated machine with ransomware.
But overnight, the fake Clubhouse website – which was located in Russia – went offline. The malware also stopped working. Guardicore’s Amit Serper, who tested the malware in a protected environment on Thursday, said the software received an error from the server and did nothing more.
It is not uncommon for cybercriminals to tailor their malware campaigns to ride on the success of wildly popular applications. Clubhouse has reportedly surpassed 8 million global downloads to date, despite launching as invitation-only. That high demand has spurred efforts to reverse engineer the app and build versions of it that get around Clubhouse's closed walls, as well as government censors where the app is blocked.
Each of the Facebook pages falsely posing as Clubhouse had only a few likes, but all were still active at the time of posting. When reached, Facebook wouldn't say how many account holders clicked on ads pointing to the fake Clubhouse websites.
At least nine ads were posted this week between Tuesday and Thursday. Several ads said Clubhouse was "now available for PC," while another featured a photo of co-founders Paul Davison and Rohan Seth. Clubhouse did not return a request for comment.
The ads have been removed from Facebook's ad library, but we've posted a copy. It is also not clear how the ads made it through Facebook's processes at all.