Cyber criminals posted Facebook ads for a fake Clubhouse app that was riddled with malware


Cyber criminals have led Facebook users to download a Clubhouse app ‘for PC’, something that does not exist. The app is actually a trojan designed to install malware on the victim’s computer. The popular new invite-only chat app is only available on the iPhone, but worldwide interest in the platform has increased and users are clamoring for Android and presumably ‘PC’ versions.

According to TechCrunch, the malicious campaign used Facebook ads and pages to direct platform users to a series of fake Clubhouse websites. Those sites, hosted in Russia, asked visitors to download the app, which they promised was only the most recent version of the product: “We tried to make the experience as smooth as possible. You can watch it now!” they proclaim.

However, once downloaded, the app would start signaling to a command and control (C&C) server. In cyber attacks, the C&C is usually the server that tells malware what to do once it has infected a system. Testing the app through the malware analysis sandbox VMRay apparently showed that, in one case, it tried to infect a computer with ransomware.

Taking advantage of a popular new product to deploy malware is a fairly classic move by cyber criminals, and given Clubhouse’s prominence at the moment, it’s no surprise that this is happening. Researchers have even discovered another fake Clubhouse app recently. Lukas Stefanko from security company ESET disclosed how another fake “Android version” of the app acted as a cover for criminals trying to steal login credentials from users of other services.

Fortunately, it doesn’t seem like this most recent campaign was too popular: TechCrunch reports that the Facebook pages associated with the fake app only had a handful of likes.

It’s an interesting little incident, although it might be difficult to find out more about this tricky campaign, as the websites hosting the bogus app have apparently disappeared. Removing the sites seems to have disabled the malware. Facebook has also removed the ads associated with the campaign.
