Cybercriminals Bought Facebook Ads for a Fake Clubhouse App That Was Riddled With Malware


Cybercriminals have been pushing Facebook users to download a Clubhouse app “for PC,” something that doesn’t exist. The app is actually a trojan designed to inject malware into your computer. The popular new invite-only chat app is only available on iPhone but worldwide interest in the platform has risen and users are clamoring for Android and, presumably, “PC” versions.

Per TechCrunch, the malicious campaign used Facebook ads and pages to direct platform users to a series of fake Clubhouse websites. Those sites, hosted in Russia, asked visitors to download the app, which they promised was just the most recent version of the product: “We tried to make the experience as smooth as possible. You can check it out right now!” one proclaims.

However, once downloaded, the app would begin signalling to a command and control (C&C) server. In cyberattacks, the C&C is typically the server that informs malware what to do once it has infected a system. Testing of the app through malware analysis sandbox VMRay apparently showed that, in one instance, it tried to infect a computer with ransomware.

Taking advantage of a popular new product to deploy malware is a pretty classic cybercriminal move — and given Clubhouse’s prominence right now, it’s no surprise that this is happening. In fact, researchers recently discovered a different fake Clubhouse app. Lukas Stefanko of security firm ESET revealed how another fictional “Android version” of the app was acting as a front for criminals looking to steal users’ login credentials from other services.

Fortunately, it doesn’t appear that this most recent campaign was too popular, as TechCrunch reports that the Facebook pages associated with the fake app only had a handful of likes.

It’s an interesting little incident, though it may be difficult to find out more about this tricky campaign because the websites hosting the fake app have apparently disappeared. The takedown of the sites appears to have disabled the malware. Facebook has also taken down the ads associated with the campaign.