Cybercriminals often piggyback on the popularity of successful apps to lure innocent users to download infected clones - and with millions of downloads (opens in new tab) already, the invite-only audio-chat Clubhouse iPhone app (opens in new tab) lent itself nicely to the scammers.
Ads that promised to overcome Clubhouse’s two limitations (invite- and iPhone-only) shouldn’t have passed Facebook’s security checks, but somehow did, and had a free run on the platform, directing innocent users to several Facebook pages impersonating Clubhouse.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
>> Click here to start the survey in a new window (opens in new tab)<<
- We've put together a list of the best endpoint protection (opens in new tab) software
- These are the best identity theft protection tools
- Here’s are list of the best Clubhouse alternatives (opens in new tab) for Android
According to reports, at least nine different ads for the fraudulent non-existent app were placed this week between Tuesday and Thursday.
When clicked, the ad would lead to a fake Clubhouse website, which even included a mock up of the Clubhouse PC app along with a download link to a tained executable.
Security researchers have examined the executable and reveal that when run it phones a command and control (C2) server to obtain instructions on how to infect the computer. At least in one reported instance, the executable tried to infect the researcher’s sandboxed machine with ransomware.
However, it appears that the C2 server, and the fake Clubhouse websites, which were hosted in Russia, have gone offline.
When TechCrunch contacted Facebook about the ads that have now been removed from the platform, the social network refused to share the number of its users that had clicked on the ads pointing to the fake Clubhouse websites (opens in new tab).
The fake facebook ads campaign comes on the heels of revelations that cybercriminals broke through Google Play Store’s protections (opens in new tab) to list a malware-like fake Netflix application on the platform.
It’s worrying to see cybercriminals able to bypass security checks and protocols of established platforms, such as Facebook and Google, and the tech giants will have to up the ante in order to prevent further misuse.
- Protect your devices with these best antivirus software (opens in new tab)
Via: TechCrunch (opens in new tab)