Facebook ran ads for a fake ‘Clubhouse for PC’ app planted with malware

Malicious Facebook Ads Target Clubhouse Users
Cybercriminals have been distributing malware through deceptive Facebook advertisements. These ads were designed to appear as legitimate offerings for a Clubhouse application for PCs.
Impersonation and Deceptive Tactics
TechCrunch was notified on Wednesday regarding Facebook ads linked to multiple pages falsely representing Clubhouse. The genuine Clubhouse app is exclusively available for iPhone users.
Clicking on these advertisements redirected users to fraudulent websites mimicking the Clubhouse interface. These sites displayed a fabricated screenshot of a non-existent PC app and included a download link for the malicious software.
Malware Functionality and Operation
Upon execution, the downloaded application attempted to establish communication with a command and control server. This connection was intended to receive further instructions regarding its malicious activities.
Analysis within a secure sandbox environment revealed that the malware attempted to deploy ransomware onto the isolated system.
Campaign Disruption and Server Issues
The fake Clubhouse websites, which were hosted in Russia, were taken offline overnight. Consequently, the malware ceased to function.
Amit Serper from Guardicore, who analyzed the malware on Thursday, reported that the application received an error message from the server and became inactive.
Exploiting Popularity for Malicious Gain
It is a common practice for cybercriminals to leverage the popularity of trending applications to distribute malware. Clubhouse has experienced significant growth, reportedly exceeding 8 million global downloads despite its invite-only launch.
This high demand has spurred attempts to reverse-engineer the app and create unofficial versions, both to bypass Clubhouse’s access restrictions and to circumvent government censorship in regions where the app is blocked.
Facebook's Response and Ad Details
The Facebook pages involved in this scheme had a limited number of likes but remained active at the time of reporting.
Facebook declined to disclose the number of users who clicked on the ads leading to the fraudulent websites.
At least nine advertisements were placed between Tuesday and Thursday. Some ads explicitly stated that Clubhouse “is now available for PC,” while others featured images of the app’s co-founders, Paul Davison and Rohan Seth.
Clubhouse has not yet issued a comment regarding this incident.
Ad Removal and Ongoing Concerns
The advertisements have been removed from Facebook’s Ad Library, though a copy has been preserved.
The method by which these ads bypassed Facebook’s security protocols remains unclear.
Here's a list of key takeaways:
- Malware Distribution: Cybercriminals are using Facebook ads to spread malware.
- Targeted App: The ads impersonate the popular Clubhouse app.
- PC Focus: The ads falsely advertise a PC version of Clubhouse.
- Ransomware Threat: The malware attempts to install ransomware.
Zack Whittaker