Cybercriminals often piggyback on the popularity of successful apps to lure innocent users to download infected clones – and with millions of downloads already, the invite-only audio-chat Clubhouse iPhone app lent itself nicely to the scammers.
Ads that promised to overcome Clubhouse’s two limitations (invite- and iPhone-only) shouldn’t have passed Facebook’s security checks, but somehow did, and had a free run on the platform, directing innocent users to several Facebook pages impersonating Clubhouse.
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.
According to reports, at least nine different ads for the fraudulent non-existent app were placed this week between Tuesday and Thursday.
When clicked, the ad would lead to a fake Clubhouse website, which even included a mock up of the Clubhouse PC app along with a download link to a tained executable.
Security researchers have examined the executable and reveal that when run it phones a command and control (C2) server to obtain instructions on how to infect the computer. At least in one reported instance, the executable tried to infect the researcher’s sandboxed machine with ransomware.
However, it appears that the C2 server, and the fake Clubhouse websites, which were hosted in Russia, have gone offline.
When TechCrunch contacted Facebook about the ads that have now been removed from the platform, the social network refused to share the number of its users that had clicked on the ads pointing to the fake Clubhouse websites.
The fake facebook ads campaign comes on the heels of revelations that cybercriminals broke through Google Play Store’s protections to list a malware-like fake Netflix application on the platform.
It’s worrying to see cybercriminals able to bypass security checks and protocols of established platforms, such as Facebook and Google, and the tech giants will have to up the ante in order to prevent further misuse.