- Researchers found 250+ fake dating -Apps targeted Android users
- The apps ask extensive permissions and end up stealing sensitive files
- Victims are later extorted under the threat of releasing the files to friends and family
An “emotionally manipulative” extortion campaign has been seen as exploitation of hundreds of mobile apps across mobile ecosystems.
Security scientists ZIMPERIUM ZLABS claimed to have found more than 250 Android apps, all of which pretend to be dating and romance -apps.
While they all look smooth and well designed, they all act as infosteals and grab contact information, photos and other data from the devices. In some cases, the victims were lured to give access through “emotional interactions” and exclusive “invitation codes”.
How to remain safe?
Zimperium calls the campaign Sarangtrap, as it is targeted mostly people living in South Korea.
If the threat actors find any criminal information about the compromised units when they reach the victim and threaten to share them with their family, friends and partners unless a payment is made.
“This is more than just a malware outbreak, it’s a digital weapon of trust and emotion,” said the Zlabs research team. “Users seeking connection are manipulated to give access to some of their most personal data.”
To make it worse, many of the 80 domains used in this campaign were allegedly indexed by popular search engines, making them seem legitimate for victims who want to make their Due Dilency.
In its report, Zimperium advises mobile users against downloading apps from unknown links or unofficial app stores that suggest that none of the 250+ apps used in the campaign could be found in the Play Store or App Store.
Apple and Google are quite diligent when it comes to their app stores, and while Malware finds its way in from time to time, it’s much harder to pick up malware in the official store than on an undeveloped, third party.
Users must also be careful with apps that require unusual permissions or invitation code, regularly review the permissions they have granted and installed profiles they driver, and should install mobile security solutions that can help register and block malware.
