Threat actors have reportedly posted Facebook ads for a malware-laden download that pretended to be a Clubhouse app for Windows.
Ads that promised to overcome Clubhouse’s two limitations (invite- and iPhone-only) shouldn’t have passed Facebook’s security checks, but somehow did, and had a free run on the platform, directing innocent users to several Facebook pages impersonating Clubhouse.
When clicked, the ad led to a fake Clubhouse website, complete with a mock-up of a Clubhouse PC app and a download link to a tainted executable.
Security researchers who examined the executable found that, when run, it contacts a command and control (C2) server to obtain instructions on how to infect the computer. In at least one reported instance, the executable attempted to infect the researcher's sandboxed machine with ransomware.
However, it appears that the C2 server, and the fake Clubhouse websites, which were hosted in Russia, have gone offline.