Kaspersky researchers evaluated the risks and challenges of using dating apps Tinder and Badoo, which they found out criminals use as a bait to spread mobile malware or steal personal data. When successful, malicious software could either send unsolicited ads or exploit financial credentials for subscriptions.

The analysis of malware using the names of over 20 popular dating applications and the keyword “dating” showed 1,963 unique files were spread in 2019 under the guise of legitimate applications. Notably, two-thirds of them were masking under Tinder (1,262 files) and another sixth was linked to Badoo (263 files); both are applications recognized worldwide.

The danger these malicious files bring varies from file to file, ranging from Trojans that can download other malware to ones that send expensive SMS, to adware, making it likely every ping a user gets is some sort of annoying ad notification rather than a message from a potential date.

Have you read Kaspersky: Financial phishing grows by 9.5% during the holiday season?

For instance, one of the applications that at first glance looks like Tinder is, in fact, a banking Trojan that constantly requests accessibility service rights. Upon getting them, it grants itself all rights necessary to steal money from the user. Another names itself as “Settings” right after installation, shows a fake ‘error’ message and later disappears, with a high likelihood it will return with unwanted ads a few days later.

Fake dating apps

Cybercriminals who specialize in phishing also do not miss the chance to feed on those seeking to find love. Fake copies of popular dating applications and websites, such as Match.com and Tinder, flood the internet. Users are required to leave their personal data or connect to the applications via their social media account. The result is not surprising: the data will later be used or sold by cybercriminals, while the user will be left with nothing.

Cybercriminals who specialize in phishing also do not miss the chance to feed on those seeking to find love. Fake copies of popular dating applications and websites, such as Match.com and Tinder, flood the internet. Users are required to leave their personal data or connect to the applications via their social media account. The result is not surprising: the data will later be used or sold by cybercriminals, while the user will be left with nothing.

To avoid cyber risks ahead of Valentine’s day, Kaspersky recommends:

• always checking application permissions to see what your installed apps are allowed to do
• not installing applications from untrusted sources, even if they are actively advertised, and block the installation of programs from unknown sources in your smartphone’s settings
• finding out more information about the dating website you are planning to visit: look into its reputation on the internet and try to find user feedback
• using a reliable security solution like Kaspersky Security Cloud that delivers advanced protection on Mac, as well as on PC and mobile devices

To use dating apps safely, Kaspersky recommends:

• avoiding sharing too much personal information with strangers
• making sure that the person you are meeting is real, as fraudsters often use fake profiles for scams