Swipe right, chat to a fake user and your personal data could be stolen.
A series of bots have invaded dating app Tinder and are spreading dangerous downloads after luring users with tempting profiles and pictures, an antivirus developer has discovered.
Bitdefender Labs is currently investigating both the Android application and the bots that seem to have stolen pictures from an Arizona-based photography studio. Some of these images are also being used for fake Facebook profiles.
Catalin Cosoi, chief security strategist at Bitdefender, said: "After users swipe the right button on Tinder to indicate that they like a profile, the bots engage users in automated conversations until they convince them to click on a dubious link.
"The name of the URL gives the impression of an official page of the dating app and for extra legitimacy scammers also registered it on a reputable .com domain."
Bitdefender warns users to be aware of this risk, and advises that a typical bot message reads: "Hey, how are you doing? I'm still recovering from last night? Relaxing with a game on my phone, castle clash. Have you heard about it? Play with me and you may get my phone number."
The scam is geo-specific: British users are lured to fraudulent surveys and dubious competitions for ASDA and Tesco vouchers, while Tinder users in the US are brought to the 'Castle Clash' game download.
Castle Clash developer IGG has said that this issue is currently being looked into. IGG's Jiayan Wu commented: "We are aware of this issue and we are currently investigating into it. We are also being victimized in this issue therefore we are grateful for being informed." Bitdefender has also notified the photography studio from which the bots' pictures were stolen.
This is not the first time that the dating app has come under attack from bots spreading dubious or malicious links. To guard against this threat, Bitdefender recently published a security and privacy guide to help users "tinder" more safely.
The antivirus software company has also discovered a similar ad campaign targeting National Geographic mobile users with scareware saying they have been infected with malware. The ad "technique" abusively redirected users to a Google Play app that would clean their Android device.