According to Bitdefender, the lures are pretty convincing. For instance, one reads, “Hey, how are you doing? I’m still recovering from last night. :-) Relaxing with a game on my phone, castle clash. Have you heard about it? Play with me and you may get my phone number.”
And of course, it contains a link to a fake version of the Castle Clash game.
While it may be engaging banter, there are no human hands behind the messages. “After users swipe the right button on Tinder to indicate that they like a profile, the bots engage users in automated conversations until they convince them to click on a dubious link,” explained Catalin Cosoi, chief security strategist at Bitdefender, in a blog. “The name of the URL gives the impression of an official page of the dating app and for extra legitimacy scammers also registered it on a reputable .com domain.”
Bitdefender Labs is investigating both the Android application and the picture heist. The scam appears to be geo-specific: British users are lured to fraudulent surveys and dubious competitions for ASDA and Tesco vouchers, while Tinder users in the US are brought to the Castle Clash game download.
The approach of leveraging legitimate apps is not unique, sadly. Advertising techniques that promote Google Play applications through scareware have been used for a couple of years; often these ads promoting legitimate Google Play apps subscribe people to expensive services such as wallpaper downloads.
The anti-virus company has also discovered a similar ad campaign targeting National Geographic mobile users with scareware that told them their device had been infected with malware. The ad “technique” abusively redirected users to a Google Play app that purportedly would clean their Android device, the firm explained.
“Dubious advertising techniques try to redirect users to various apps and downloads,” Cosoi said. “This time, scammers managed to mess with the website of a famous international brand to gain extra exposure and add legitimacy to their message. From kids to grown-ups – who wouldn’t believe National Geographic?”
Castle Clash developer IGG told Bitdefender that it is “already aware of this issue and we are currently investigating into it. We are also being victimized in this issue therefore we are grateful for being informed.” Bitdefender has also notified the photography studio where the bots’ pictures were stolen from.
The firm has published a guide to using Tinder safely. The main tip is to use common sense.
“Tinder bots typically start the conversation by asking users if they have talked before. Men are mostly targeted, as the idea that a beautiful girl will get naked on webcam is so arousing they completely forget security (or reality),” Bitdefender said. “Never click a link you receive via Tinder. It rarely is what it pretends.”