Internet nasties get down and dirty with Tinder

It seems you’re not safe from scams and malicious code where ever you go online, and aside for the threats coming in over email and websites, now Tinder users even have to be on the look out.

The news comes courtesy of Bitdefender, with word that fake users are infiltrating the personal app and network encouraging people to click on a malicious link that appears to be from Tinder, but is merely just a form of malware for a mobile phone, subscribing users to premium messaging services that will, in the end, cost you money.

Fake users with names like “Cherry” and “Haley” are popping up complete with real photos stolen from a photographic studio in America, but sending out practically automated messages.

If you end up talking to one of these on the Tinder app, the scripted conversation will start as your basic hi, hello, what are you doing, and so on, leading the scripted conversation down a path of “relaxing with a game” which leads it to tell you about “Castle Clash.”

It’s one of those silly conversations, and chances are if you ever met the person in real life and they said something like this, you’d ignore them and move on, but with Tinder being about getting to know someone, it’s possible you’ll give this “Castle Clash” a try.

And that would be fine normally because “Castle Clash” is a real game, except the link the bot will send you isn’t to the game, but rather to a malicious piece of code it wants you to install on your phone.

“After clicking on the links spread by the Tinder bots, users are directed to a fake website that appears to be an official page of the dating app,” said Catalin Cosoi, Bitdefender’s Chief Security Strategist. “After clicking on the “install” button, users are redirected to the Castle Clash app.”

“In other Tinder scams, users may indeed be lured to dangerous links that hide mobile malware. If they get infected, they may have their personal data stolen such as their list of contacts, passwords and usernames. Typical mobile malware downloads subscribe users to premium messages for services ranging from horoscope to diets or cupcake recipes.”

We did check with Bitdefender to see if other services like Tinder are effected, but as of right now, the company “is not aware of any bots spreading malicious or dubious links on Grindr,” though users there “could be exposed to similar vulnerabilities,” said Cosoi, adding that “in 2012, the personal details of more than 100,000 Grindr users were exposed after a hacking attack.”

Obviously, the best advice here is to avoid fake users, lest you want your mobile compromised, but that can be harder to do, so rather, never click on a link on Tinder, which will make it harder for would be scammers to con you in the first place.