Popular dating app Tinder has been invaded by a series of flirty bots that lure users with tempting profile pictures before spreading “Castle Clash” downloads via conversation feeds.
According to anti-virus software company Bitdefender, users should be cautious when searching for new matches on Tinder, especially given its status as the number one social networking app in the Australian iTunes App Store.
Bitdefender is currently investigating both the Android application and the bots, as it appears the pictures used by the bots have been stolen from an Arizona-based photography studio. Some of the images are also being used for fake Facebook profiles.
According to Bianca Stanescu, Bitdefender Security Expert, after users swipe to indicate they like a profile on Tinder, ‘Cherry’, ‘Haley’ and other bots engage in automated conversations until they convince users to click on the malicious link.
“The name of the URL (“Tinderverified”) purports to be an official Tinder page and has even been registered with a “.com” domain for added credibility,” Stanescu says.
A typical bot message reads “Hey, how are you doing?”, “I’m still recovering from last night :) Relaxing with a game on my phone, castle clash. Have you heard about it? http://tinderverified.com/castleclash[removed]. Play with me and you may get my phone number.”
Australia is one of the world’s biggest adopters of Tinder, with users increasingly exposed to a series of third-party scams as well as privacy dangers. This is also not the first time Tinder has been under attack from bots spreading malicious links.
Bitdefender has also identified a similar ad campaign that targets National Geographic mobile users with scareware, warning them that they have been infected with malware. The ad campaign aggressively redirects users to a Google Play app that wipes the Android device.
Bitdefender has contacted both the Castle Clash developer and the photography studio to investigate the copyright and identity theft. Castle Clash developer IGG said they are investigating the issue.
Below are some tips and tricks to help users stay away from the risks posed by Tinder bots and similar dangers:
· Tinder bots typically start the conversation by asking users if they have talked before. Australian men are mostly targeted.
· Fake profiles will continue to appear on the dating app and scammers often target users in a precise region by faking their location. Users are warned not to trust their “matches” just because they seem to be Australian.
· Never click a link received on Tinder. In addition to falling victim to malicious URLs in conversations, Australians may also get scammed when they click the links in the ‘About’ section of user profiles.
· Social engineers and stalkers may easily source personal user details, because Tinder connects to a user’s Facebook contact list to show friends in common with potential matches.
· Avoid excessive sharing of pictures and information and revise Internet habits. Look for information about yourself on search engines to better understand the information that is readily available to the public already.
· Avoid posting pictures with children. Apart from the dangers posed by paedophiles and stalkers, cyber-criminals may steal the pictures and use them in spam for commercial purposes.
· Increase anonymity by connecting with a dedicated Facebook account that only has a couple of pictures.