Fake ads for a non-existent version of Clubhouse spread malware to victims
Possibly because an Android version of the app is still months away, quite a few bad actors have been tricking Android users into installing malware-loaded fake versions of a non-existent Clubhouse for Android app. And now TechCrunch is reporting that internet criminals have been taking out ads on Facebook for fake versions of a Clubhouse for PC variant that is not only not real, but is full of malware.
The only platform with a legitimate version of Clubhouse is iOS. The audio only chatroom has become a very popular place to hang, but users need an invitation to join and for now the only place you can download the app from is the App Store. The Facebook ads connect to pages on the social media site that impersonate Clubhouse.
Tapping on the ad opens up a fake Clubhouse for PC website. A link is included that when tapped, downloads malware onto the victim's device. The malicious app seeks instructions from a C&C (command and control) server about what to do next.
Fake Clubhouse for PCF ad is used to get victims to install malware-laden software
Some victims' devices were loaded with ransomware that demanded money from the infected device owner so that his device would be allowed to work again. The fake Clubhouse websites, were hosted in Russia. Facebook wouldn't say how many clicks the fake ads received but it was discovered that nine ads were posted on Facebook last week from Tuesday through Thursday.
The fake ads tried to entice Facebook users by saying that Clubhouse "is now available for PC" alongside a photo of co-founders Paul Davison and Rohan Seth. The ads have since been removed from Facebook's ad library. For the safety of your devices, remember that Clubhouse is only available for iOS at this point.