ClearTips has learned that cybercriminals have taken out several Facebook ads as a clubhouse app for PC users to target victims of malware.
ClearTips was alerted on Wednesday to Facebook ads tied to several Facebook pages known as the Clubhouse, a drop-in audio chat app only available on iPhones. Clicking on the ad will open a fake clubhouse website, which contains a fake screenshot of what the non-existent PC app looks like, with a malicious app download link.
When opened, the malicious application tries to communicate with a command and control server what it needs to do next. A sandbox analysis of the malware revealed that the malicious app tried to infect the isolated machine with ransomware.
But overnight, fake clubhouse websites – which were hosted in Russia – went offline. In doing so, the malware also stopped working. On Thursday, Guardicor’s Amit Semper, who tested the malware in the sandbox, said the malware received an error from the server and did nothing.
It is not uncommon for cybercriminals to steer their malware campaigns away from wildly popular app successes. The clubhouse reportedly made more than 8 million global downloads despite the launch-only. That high demand prompted a scramble to reverse-engineer the app to take out the gated walls of the clubhouse, but also government censors where the app is blocked.
Each Facebook page impersonating the clubhouse had only a few likes, but was still active at the time of publication. When reached, Facebook would not say how many account owners had clicked on advertisements pointing to fake clubhouse websites.
This week, at least nine advertisements were placed between Tuesday and Thursday. Several advertisements stated that the clubhouse “is now available for PC,” while another featured a picture of co-founders Paul Davidson and Rohan Seth. The club house did not return a request for comment.
The ads have been removed from Facebook’s advertising library, but we have published a copy. It is also unclear how the ads made it through Facebook’s processes.