- Researchers found 250+ fake dating apps targeting Android users
- The apps ask extensive permissions and end up stealing sensitive files
- Victims are later extorted under threat of releasing the files to friends and family
An “emotionally manipulative” extortion campaign has been spotted leveraging hundreds of mobile apps across mobile ecosystems.
Security researchers Zimperium zLabs claimed to have found more than 250 Android apps, all pretending to be dating and romance apps.
While they all look slick and well-designed, they all work as infostealers, grabbing contact information, photos, and other data from the devices. In some instances, the victims were lured into granting access through “emotionally charged interactions”, and exclusive “invitation codes”.
How to stay safe?
Zimperium calls the campaign SarangTrap, as it targets mostly people living in South Korea.
If the threat actors find any incriminating information on the compromised devices, they reach out to the victim and threaten to share it with their family, friends, and partners, unless a payment is made.
“This is more than just a malware outbreak, it’s a digital weaponization of trust and emotion,” said the zLabs research team. “Users seeking connection are being manipulated into granting access to some of their most personal data.”
To make matters worse, out of the 80 domains used in this campaign, many were allegedly indexed by popular search engines, making them appear legitimate to victims looking to do their due diligence.
In its report, Zimperium advises mobile users against downloading apps from unfamiliar links, or unofficial app stores, hinting that none of the 250+ apps used in the campaign could be found on the Play Store, or App Store.
Apple and Google are quite diligent when it comes to their app repositories, and while malware finds its way in from time to time, it’s a lot harder to pick up malware on the official store, than on an unvetted, third-party one.
Users should also be careful of apps requiring unusual permissions or invitation code, regularly review the permissions they granted, and installed profiles they operate, and should install on-device mobile security solutions that can help detect and block malware.
