- Researchers found more than 250 false dating applications targeting Android users
- Applications require extensive authorizations and end up stealing sensitive files
- The victims were later extorted under the threat of publishing the files of friends and family
An extremely manipulative extortion campaign was spotted by taking advantage of the hundreds of mobile applications through mobile ecosystems.
Zlabs zlabs safety researchers claimed to have found more than 250 Android applications, all pretending to be dating and romance applications.
Although they all look smooth and well designed, they all work as an infostators, entering the coordinates, photos and other data of the devices. In some cases, the victims were attracted by access by “emotional interactions” and exclusive “invitation codes”.
How to stay safe?
Zimperium calls the Sarangtrap campaign because it mainly targets people living in South Korea.
If threat actors find incriminating information on compromise devices, they contact the victim and threaten to share it with their family, friends and partners, unless a payment is made.
“It is more than just epidemic of malicious software, it is a digital armament of confidence and emotion,” said the Zlabs research team. “Users looking for connections are handled to grant access to some of their most personal data.”
To worsen things, out of the 80 areas used in this campaign, many would have been indexed by popular search engines, which made them seem legitimate for the victims who seek to show reasonable diligence.
In his report, Zimperium advises mobile users against the download of applications from unknown links or unofficial application stores, suggesting that none of the 250+ applications used in the countryside could be found on the Play Store or the App Store.
Apple and Google are fairly diligent with regard to their application standards, and although malware is found from time to time, it is much more difficult to collect malware on the official store, than on an unsuitable third party.
Users must also pay attention to applications requiring unusual authorizations or invitation code, regularly examine the authorizations they have granted and install the profiles they work and must install mobile security solutions on devices that can help detect and block malware.
