vendredi 14 février 2020

You got a match! With a cyber-criminal

The past decade has brought digitization into practically every aspect of our lives and communication has probably transformed the most. People’s love lives are no exception and with Valentine’s Day approaching, singles and couples alike are under intensifying pressure to solidify their plans for this Saturday. Only for the singles and open-minded couples, this requires an additional step – finding a companion — and dating apps are here to help. Or are they?

Swiping right is simple, but on the way to finding your new true love (or just a date, if you prefer to keep things light), nothing comes as easy as you hope, even in the digital world. Kaspersky researchers evaluated the risks and challenges on the path to romance and found that cyber criminals are no strangers to love affairs.

Popular dating apps used worldwide, such as Tinder and Badoo, often become a bait used to spread mobile malware or retrieve personal data to later bombard the users with unwanted ads or even spend their money on expensive paid subscriptions. Such files have nothing to do with legitimate apps, as they only use the name and sometimes the design of authentic dating services.

The analysis of malware using the names of over 20 popular dating applications and the keyword ‘dating’ showed 1963 unique files were spread in 2019 under the guise of legitimate applications. Notably, two thirds of them were masking under Tinder (1262 files) and another sixth was linked to Badoo (263 files); both are applications recognized worldwide.
The danger these malicious files bring varies from file to file, ranging from Trojans that can download other malware to ones that send expensive SMS, to adware, making it likely every ping a user gets is some sort of annoying ad notification rather than a message from a potential date.

For instance, one of the applications that at first glance looks like Tinder is in fact a banking Trojan that constantly requests Accessibility service rights, and upon getting them, grants itself all rights necessary to steal money from the user. Another names itself as ‘Settings’ right after installation, shows a fake ‘error’ message and later disappears, with a high likelihood it will return with unwanted ads a few days later.

Тop 10 detections by the number of attacked Kaspersky users
Detection name

1 HEUR:Trojan.AndroidOS.Hiddapp.ch
2 HEUR:Trojan.AndroidOS.Boogr.gsh
3 UDS:DangerousObject.Multi.Generic
4 not-a-virus:HEUR:AdWare.AndroidOS.MobiDash.z
5 not-a-virus:HEUR:AdWare.AndroidOS.Mobidash.ai
6 not-a-virus:HEUR:RiskTool.AndroidOS.Frime.a
7 HEUR:Trojan-SMS.AndroidOS.Opfake.a
8 not-a-virus:HEUR:RiskTool.AndroidOS.Dnotua.ixj
9 not-a-virus:HEUR:AdWare.AndroidOS.Mobidash.ag
10 UDS:DangerousObject.AndroidOS.GenericML

Cybercriminals who specialize in phishing also do not miss the chance to feed on those seeking to find love. Fake copies of popular dating applications and websites, such as Match.com and Tinder, flood the internet. Users are required to leave their personal data or connect to the applications via their social media account. The result is not surprising: the data will later be used or sold by cybercriminals, while the user will be left with nothing.

Statistics also demonstrate that the interest towards the topic of love does increase ahead of Valentine’s Day. For instance, the number of clicks on the phishing version of the PeopleMedia website grew more than two-fold almost a month before the Valentine’s Day.

“Love is one of those topics that interests people universally, and, of course, that means that cybercriminals are also there. Online dating has made our lives easierand yet uncovered new risks on the path to love. We advise users to stay attentive and use legal versions of applications that are available in official application stores. And, of course, we wish you best of luck finding the perfect date for this special day”, comments Vladimir Kuskov, head of advanced threat research and software classification at Kaspersky.

To avoid cyber risks ahead of Valentine’s day, Kaspersky recommends:
• Always checking application permissions to see what your installed apps are allowed to do
• Not installing applications from untrusted sources, even if they are actively advertised, and block the installation of programs from unknown sources in your smartphone’s settings
• Finding out more information about the dating website you are planning to visit: look into its reputation on the internet and try to find user feedback
• Using a reliable security solution like Kaspersky Security Cloud that delivers advanced protection on Mac, as well as on PC and mobile devices


To use dating apps safely, Kaspersky recommends:

• Avoiding sharing too much personal information with strangers
• Making sure that the person you are meeting is real, as fraudsters often use fake profiles for scams


Aucun commentaire:

Enregistrer un commentaire