Audio-only app Clubhouse gained huge success over the last few months and now attackers are misusing the reputation and fame earned by the app by delivering Facebook ads, wherein they promote the Clubhouse app for PC to deliver the malware. Notably, the attackers have used the old tactics again because the PC version of the Clubhouse app is not yet released.
The Clubhouse app has nearly 8 million downloads so far. Therefore, malware designers have been busy taking advantage of Clubhouse's rising popularity, creating what they claim is a Clubhouse client for PCs, and then promoting those ads on Facebook to get users to download the app.
As per a report by TechCrunch, this fake app is full of links to malware. The app also contains a screenshot of the fictional Clubhouse app for desktops, as visualized by the threat actors. Once users download and install the malicious app, it contacts a “command and control” server to perform various tasks. According to the report, running the app inside a secure “sandbox” disclosed that the malicious app tries to corrupt a desktop with ransomware.
Every Facebook page posing as Clubhouse only had a handful of likes but were still running at the time of publication. When TechCrunch reached out to Facebook, the company didn’t answer as to how many users have clicked on the ads directing to the fake Clubhouse websites.
In total, nine ads were posted this week between Tuesday and Thursday. Most of the ads stated a similar tagline that read: Clubhouse “is now available for PC.” While another featured a photo of co-founders Paul Davidson and Ro ..