Fake Dating Apps Found as Top Source of Malware in Africa

Fake dating mobile applications were found to be a top source of malware in Africa. According to a research from Kaspersky, 7,734 attacks from 1,486 threats were detected, affecting 2,548 mobile users from the continent. The countries with the most recorded attacks were South Africa with 58%, as Kenya (10%) and Nigeria (4%) trail behind.

To boost their authenticity, the malicious replica apps usually copied the names and designs of popular legitimate dating apps such as Tinder, Bumble, and Zoosk. The fake apps were used as a lure for propagating malware or for collecting personally identifiable information (PII), which can then be sold or used in phishing scams. The users who downloaded these apps were also usually pestered with unwanted ads, or ended up paying for expensive subscriptions.

The researchers further revealed that one of the fake apps was unmasked as a banking trojan that persistently requested accessibility rights. When granted, the threat actors then possess the necessary rights to steal money from the app user.

[Read: A Practical Guide to Mobile Safety]

 

The danger does not stop with using fake dating apps. Unfortunately, as divulged in a research by the Trend Micro Forward-Looking Threat Research Team, even legitimate dating apps can be abused by cybercriminals. In their study, researchers observed user profiles in dating apps. They took this a step further by setting up “honeyprofiles,” honeypots in the form of fake accounts that were used as bait for threat actors.

As the research disclosed, the sheer amount of information many people share without second thought (full name, contact details, and sometimes, even home and office addresses) make users vulnerable to threats such as identity theft and scams. Malware can also be propagated through the apps’ messaging feature, as most of the apps do not flag messages with malicious content. As personal phones are also often used for work-related purposes, these threats can easily transcend to the enterprise.

[Read: Can Online Dating Apps be Used to Target Your Company?]

 

The victims of these fake apps are unwitting users who are seeking connections, but instead find malware. Fortunately, with the right amount of caution, this doesn’t have to be the case. App users can safeguard their systems from compromise by doing the following simple steps:

• Apps should be installed only from trusted sources, and should be double-checked if it is the actual app or a convincing replica of the real one.
• Configuring permissions is important to ensure that the apps only have access to necessary data and nothing more.
• Disclosing too much personal information in profiles should be avoided, especially home and work addresses and contact details that can be used for scamming or physically locating the user.
• App users should be careful while sending messages online. Although dating apps are used to meet new people, the warning “Don’t talk to strangers” became popular for a reason. There are also plenty of fake profiles which are used to harvest personal data.
• Links sent through online messages should be carefully inspected.

Users can also invest in the Trend Micro™ Mobile Security solution, available for both Android and iOS. It helps protect against identity theft and phishing. It also blocks fraudulent websites and safeguards privacy on social media.