Cybercriminals have been pushing Facebook users to download a “PC” Clubhouse app, which doesn’t exist. The application is actually a Trojan designed to inject malware into your computer. The popular new invitation-only chat app is only available on the iPhone, but global interest in the platform has increased and users are clamoring for Android and, presumably, “PC” versions.
According to TechCrunch, the malicious campaign used Facebook pages and ads to direct users of the platform to a number of fake Clubhouse websites. These sites, hosted in Russia, asked visitors to download the app, which they promised was the latest version of the product: “We tried to make the experience as smooth as possible. You can check it out right now!” one proclaimed.
However, once downloaded, the application would start signaling to a command and control (C&C) server. In cyber attacks, the C&C is usually the server that tells malware what to do once it has infected a system. Testing the application in the VMRay malware analysis sandbox apparently showed that, in one case, it tried to infect a computer with ransomware.
Taking advantage of a popular product to deploy malware is a pretty classic cybercrime move, and given Clubhouse’s prominence right now, it’s no wonder this is happening. In fact, researchers recently discovered a different fake Clubhouse application. Lukas Stefanko of the security firm ESET revealed how another fictitious “Android version” of the app acted as a front for criminals who wanted to steal users’ login credentials for other services.
Fortunately, this latest campaign doesn’t seem to be too popular, as TechCrunch reports that the Facebook pages associated with the fake app only had a handful of likes.
It’s an interesting little incident, though it may be difficult to learn more about this tricky campaign because the websites hosting the fake app have apparently disappeared. The removal of the sites appears to have disabled the malware. Facebook has also removed the ads associated with the campaign.