As persistent and savvy as hackers can be, the last thing any of us need is for the most popular sites and services on the planet to give those hackers a platform to trick people into having their data stolen. Unfortunately, that is precisely what appears to have happened, as TechCrunch reports that cybercriminals have been taking out ads on Facebook for a fake “Clubhouse for PC” app that is actually filled with dangerous malware.
Earlier this week, unnamed sources alerted TechCrunch that multiple Facebook pages were running ads advertising a supposed PC version of the Clubhouse app, which is a drop-in audio chat app currently only available on iPhone. Anyone who clicks the ad on Facebook is redirected to a website that purports to be run by the team behind Clubhouse, complete with a fake screenshot of the non-existent PC port and a link to download the scam app.
If you ever run into this ad, hopefully you know not to click on it. If you were to click through to the website, download the fake app onto your computer, and open it, the app would begin attempting to communicate with a command and control server that would send instructions on how to proceed. TechCrunch links to a sandbox analysis of the malware which showed it trying to infect an isolated machine with ransomware.
We can hope this will serve as another cautionary tale for those who think they can let their guard down while clicking around on a site as massive as Facebook, but it appears that the scammy websites went down shortly after TechCrunch was made aware of them. Amit Serper, a researcher at Guardicore, tested the malware in a sandbox on Thursday and found that it received an error. The malware appears to be inactive now that the websites are gone.
Given that Clubhouse is an invite-only platform, it’s no surprise that hackers chose it as the Trojan horse to fool unsuspecting Facebook users into downloading malware. Back in February, App Annie reported that Clubhouse had been downloaded over 8 million times, but more than 3.5 million of those downloads occurred in the first half of February. It was a viral sensation, and hackers wanted to take advantage of the app’s skyrocketing success.
TechCrunch notes that the Facebook pages featuring the ads for the malicious software only had a few likes each, but they were still active when the site published its report. When TechCrunch reached out, Facebook wouldn’t say how many people had clicked the fraudulent ads, and Clubhouse never returned a request for comment. The ads have at least been removed from Facebook’s Ad Library.