February 12, 2020

Kaspersky Analysis Finds Valentine’s Day Malware

More than 20 popular dating apps are being used as bait

Woburn, MA – February 12, 2020 – Kaspersky research has found 1,963 unique malicious files disguised as popular dating apps. The files had nothing to do with legitimate apps but mimicked names and designs of real dating services, in order to spread ads and steal information.

In the lead-up to Valentine’s Day, Kaspersky researchers evaluated the risks and challenges on the digital path to romance and found that many people may be finding matches with cybercriminals.

Popular dating apps used worldwide, such as Tinder and Badoo, often become bait used to spread mobile malware or retrieve personal data to later bombard the users with unwanted ads or even spend their money on expensive paid subscriptions.

The analysis of malware using the names of over 20 popular dating applications and the keyword “dating” revealed 1,963 unique files that were spread in 2019 under the guise of legitimate applications. Two-thirds of them were masked as Tinder (1,262 files) and 263 files were linked to Badoo.

The danger these malicious files present varies from file to file, ranging from Trojans that can download other malware to ones that send expensive SMS messages to adware, making it likely that every ping a user gets is some sort of annoying ad notification rather than a message from a potential date.

For example, one of the applications that looks like Tinder is in fact a banking Trojan that constantly requests accessibility service rights, and upon getting them, grants itself all rights necessary to steal money from the user. Another declares itself as “Settings” right after installation, shows a fake error message and later disappears, with a high likelihood it will return with unwanted ads a few days later.

Тop 10 detections by the number of attacked Kaspersky users

 

Detection name

1

HEUR:Trojan.AndroidOS.Hiddapp.ch

2

HEUR:Trojan.AndroidOS.Boogr.gsh

3

UDS:DangerousObject.Multi.Generic

4

not-a-virus:HEUR:AdWare.AndroidOS.MobiDash.z

5

not-a-virus:HEUR:AdWare.AndroidOS.Mobidash.ai

6

not-a-virus:HEUR:RiskTool.AndroidOS.Frime.a

7

HEUR:Trojan-SMS.AndroidOS.Opfake.a

8

not-a-virus:HEUR:RiskTool.AndroidOS.Dnotua.ixj

9

not-a-virus:HEUR:AdWare.AndroidOS.Mobidash.ag

10

UDS:DangerousObject.AndroidOS.GenericML

 

Cybercriminals who specialize in phishing are also feeding on those seeking to find love. Fake copies of popular dating applications and websites, such as Match.com and Tinder, flood the internet. Users are required to leave their personal data or connect to the applications via their social media account. The result is not surprising: the data will later be used or sold by cybercriminals, while the user will be left with nothing.

tinder-1.pngtinder-2.png

A phishing website disguised as Tinder teases users to register and find a date

Statistics demonstrate that the interest toward the topic of love does increase ahead of Valentine’s Day. For instance, the number of clicks on the phishing version of the PeopleMedia website grew more than two-fold almost a month before the Valentine’s Day.

people-media-graph.png

The number of clicks on the phishing version of the PeopleMedia website detected by Kaspersky products

“Love is one of those topics that interests people universally and, of course, that means that cybercriminals are also there,” said Vladimir Kuskov, head of advanced threat research and software classification at Kaspersky. “Online dating has made our lives easier and yet uncovered new risks on the path to love. We advise users to stay attentive and use legal versions of applications that are available in official application stores.”

To avoid cyber risks ahead of Valentine’s Day, Kaspersky recommends:

  • Always checking application permissions to see what your installed apps are allowed to do  
  • Not installing applications from untrusted sources, even if they are actively advertised, and block the installation of programs from unknown sources in your smartphone’s settings
  • Finding out more information about the dating website you are planning to visit: look into its reputation on the internet and try to find user feedback
  • Using a reliable security solution like Kaspersky Security Cloud that delivers advanced protection on Mac, as well as on PC and mobile devices

To use dating apps safely, Kaspersky recommends:

  • Avoiding sharing too much personal information with strangers
  • Making sure that the person you are meeting is real, as fraudsters often use fake profiles for scams

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.