Facebook ran ads for fake Clubhouse app loaded with malware
Cybercriminals have been running ads on Facebook for a PC version of Clubhouse that does not exist, reports TechCrunch. Clicking on the advertisement opens up a website that impersonates the official web page of the audio-based social media platform. The page has mocked-up screenshots of a non-existent PC version of Clubhouse and a download link to a malicious app.
The malware tries to install ransomware on your PC
Once you download, install, and open the fake Clubhouse app on your computer, it contacts the command and control (C&C) server, asks for further instructions, and then tries to install ransomware on your PC, reveals a sandbox analysis of the malware. The publication reports that Facebook pages impersonating Clubhouse had only a few likes. However, they were still active till recently.
Facebook has removed fake Clubhouse advertisements
According to TechCrunch, around nine fake Clubhouse ads were placed by various accounts on Facebook last week. Most of the ads said "Clubhouse is now available on PC," and one of them featured a photo of co-founders Paul Davison and Rohan Seth. While Facebook has removed the fake Clubhouse ads, it is not clear how these ads evaded the platform's security measures.
Clubhouse is available only for iOS at the moment
Currently, Clubhouse is available only for iOS on an invite-only basis. While the company is developing an Android app for Clubhouse, it has not been released yet. The brand has not revealed any plans of releasing Clubhouse for PCs. Since Clubhouse has become rather popular, gathering around 13 million downloads, internet criminals have been trying to impersonate the app to spread malware and ransomware.
Fake Clubhouse websites have gone offline now
According to the publication, the fake Clubhouse websites were hosted in Russia and they have gone offline now. The malware now receives an error after trying to contact the server and does nothing more, says Amit Serper, Area VP of Research at Guardicore. Facebook hasn't broken its silence on how many account owners clicked on the fake Clubhouse ads.
Malware in guise of Clubhouse has been circulating on Android
Attackers, however, are not only targeting PC users but also Android devices. A link to a fake Clubhouse website has been circulating on the internet lately. It claims to offer a Clubhouse app for Android. Once installed, the Trojan program will attempt to steal your logins from 458 online services by showing a fake login window over your existing apps.
Data of 1.3 million Clubhouse users has allegedly leaked
Separately, CyberNews has reported that data of 1.3 million Clubhouse profiles including names, social media handles, and more, has been posted on a hacker forum. Clubhouse says that the news is fake and misleading. The company claims the app has not been breached and the data that is being referred to is public profile information that anyone can access via the app.
