Cybercriminals have taken out several Facebook ads masquerading as a Clubhouse app for PC users to target unsuspecting victims with malware, TechCrunch has learned.
TechCrunch was alerted Wednesday to Facebook ads tied to several Facebook pages impersonating Clubhouse, the drop-in audio chat app only available on iPhones. Clicking on the ad would open a fake Clubhouse website, including a mocked-up screenshot of the non-existent PC app’s appearance, with a download link to the malicious app.
When opened, the malicious app tries to communicate with a command and control server to obtain instructions on what to do next. One sandbox analysis of the malware showed the malicious app attempted to infect the isolated machine with ransomware.
It’s not uncommon for cybercriminals to tailor their malware campaigns to piggyback off the successes of wildly popular apps. Clubhouse reportedly topped more than 8 million global downloads to date despite an invite-only launch. That high demand prompted a scramble to reverse-engineer the app to build bootleg versions of it to evade Clubhouse’s gated walls, but also government censors where the app is blocked.
Each Facebook page impersonating Clubhouse only had a handful of likes but was still active at publication. When reached, Facebook wouldn’t say how many account owners had clicked on the ads pointing to the fake Clubhouse websites.
At least nine ads were placed this week between Tuesday and Thursday. Several of the ads said Clubhouse “is now available for PC,” while another featured a photo of co-founders Paul Davidson and Rohan Seth. The Clubhouse did not return a request for comment.
The ads have been removed from Facebook’s Ad Library, but we have published a copy. It’s also not clear how the ads made it through Facebook’s processes in the first place.