Skip to main content

Clubhouse for PC isn't a thing - that download is actually malware

Facebook
(Image credit: Shutterstock)
Audio player loading…

Threat actors have reportedly posted Facebook ads for a malware (opens in new tab)-laden download that pretended to be a Clubhouse (opens in new tab) app for Windows.

Cybercriminals often piggyback on the popularity of successful apps to lure innocent users to download infected clones - and with millions of downloads (opens in new tab) already, the invite-only audio-chat Clubhouse iPhone app (opens in new tab) lent itself nicely to the scammers. 

Ads that promised to overcome Clubhouse’s two limitations (invite- and iPhone-only) shouldn’t have passed Facebook’s security checks, but somehow did, and had a free run on the platform, directing innocent users to several Facebook pages impersonating Clubhouse.

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

Fake ads

According to reports, at least nine different ads for the fraudulent non-existent app were placed this week between Tuesday and Thursday. 

When clicked, the ad would lead to a fake Clubhouse website, which even included a mock up of the Clubhouse PC app along with a download link to a tained executable.

Security researchers have examined the executable and reveal that when run it phones a command and control (C2) server to obtain instructions on how to infect the computer. At least in one reported instance, the executable tried to infect the researcher’s sandboxed machine with ransomware.

However, it appears that the C2 server, and the fake Clubhouse websites, which were hosted in Russia, have gone offline.

When TechCrunch contacted Facebook about the ads that have now been removed from the platform, the social network refused to share the number of its users that had clicked on the ads pointing to the fake Clubhouse websites (opens in new tab).

The fake facebook ads campaign comes on the heels of revelations that cybercriminals broke through Google Play Store’s protections (opens in new tab) to list a malware-like fake Netflix application on the platform. 

It’s worrying to see cybercriminals able to bypass security checks and protocols of established platforms, such as Facebook and Google, and the tech giants will have to up the ante in order to prevent further misuse.

Via: TechCrunch (opens in new tab)

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.