RESEARCHERS have uncovered an “emotionally manipulative” extortion campaign putting users at risk.
Over 250 dodgy apps have been uncovered, which are forcing victims of the scam to pay up.
Dodgy apps uncovered
Security researchers at Zimperium zLabs claimed to have found more than 250 Android apps, all pretending to be dating and romance apps.
Zimperium calls the campaign SarangTrap, as it has mostly targeted people living in South Korea.
On the surface, the apps look slick and well-designed, hiding the usual telltale signs of scam pages.
However, behind the scenes, the apps work as info-stealers, taking user contact information, photos and data from their devices.
Due to the nature of the apps, the victims were lured in with “emotionally charged interactions”.
If the threat actors find any incriminating information on the compromised devices, they reach out to the victim and threaten to share it with their family, friends, and partners, unless a payment is made.
Ways to stay safe
Out of the 80 domains used in this campaign, many were allegedly indexed by popular search engines.
This means they appear legitimate even to victims who tend to be scam-savvy.
The zLabs research team said: “This is more than just a malware outbreak; it’s a digital weaponisation of trust and emotion.
“Users seeking connection are being manipulated into granting access to some of their most personal data.”
The zLabs team have provided advice on how to avoid falling victim to the scam.
Users should avoid downloading apps from unfamiliar links or unofficial app stores.
This is because the more than 250 apps that are part of SarangTrap could not be found on the Play Store or App Store.
Malware can sometimes find its way onto these well-known app stores, but Google and Apple are diligent about protecting their users.
As a result, it is a lot harder to pick up malware on the official stores than on a third-party system.
The zLabs researchers also recommended that users should be careful of apps requiring unusual permissions or an invitation code.
Other advice to users includes regularly reviewing the permissions they have granted and the profiles installed on their devices, and installing on-device mobile security solutions that can help detect and block malware.
Advice for dating app users
While this particular scam came from users downloading malware from third-party app stores, there are always ways for users to protect themselves on dating apps.
Advice service Brook tells users to always check that the person they are speaking to is who they say they are.
This may involve taking time with a person, and users should not feel pressured to do anything before they feel ready.
On more common apps which are trusted, users should stay in the app rather than giving the person their number.
They also recommend not sharing any private information or imagery.