Don’t let your desire for love turn into lust for data

Asking for money or intimate photos is out of date. Romance scams are getting more sophisticated.

Late winter with both Valentine’s Day and International Women's Day is not always about bouquets, chocolate, and romantic dinners. For some, this period may be highlighting how sad and lonely some may feel. This feeling of loneliness, combined with a desire for a partner, is what many scammers prey upon.

With cybersecurity finally getting well-deserved attention in recent years, chances are that you’ve already noticed warnings about romance scams long before now. Using social networks and chat applications, scammers can pretend to be potential lovers, and after they open their victim’s heart, they also try to open their wallet.   

However, with increasing levels of general digital security awareness, scammers’ tactics have evolved. Some no longer directly ask for money because, for example, their imaginary relative needs surgery. Instead, they send you just one risky sentence: “Let’s go chat somewhere else.” 

Often, the victim is led down a path to a new unknown app, one that is offered on third-party app stores or websites that prompt you to download spy tools that are capable of reading your private data stored in your smartphone like it’s an open book. In these cases, your only defense is to have a reliable cybersecurity solution that can detect the app’s suspicious activities running in the background while you two lovebirds are chatting.    

Since ICQ, "I Seek You," one of the most popular online messaging apps to hit the internet in the mid-1990s, introduced its service globally, the popularity of messaging apps has seen constant growth. 

Let’s take one of today’s most popular messaging apps, WhatsApp, as an example. Since its launch on February 24, 2009, WhatsApp has been constantly growing, reaching 2.49 billion quarterly users in Q3 2023.  

Overall, the number of people using messaging apps surpassed 3.3 billion in 2023, with the vast majority using three services: WhatsApp, Facebook Messenger, and WeChat. 

However, scammers have also been looking at those numbers amorously, and messaging apps have quickly become a platform for both phishing and online romance scams, amongst other threats. 

In just three years – from 2019 to 2022 – the amount of losses attributed to romance scams reported to the U.S. Federal Trade Commission (FTC) rose from $493M to $1.3B. Social networks and messaging applications were the first contact platform for 59% of those who said they lost money to a romance scam in 2022.  

These numbers get even more serious when considering that the vast majority of fraud isn’t even reported to the government. A study conducted in 2021 found that only 4.8% of people who experienced mass-market consumer fraud bothered to complain to the non-profit Better Business Bureau or a government entity.

Some recent cases show that romance scammers are not only going after your money but also lusting for data. Spyware inserted in apps has become a serious issue, and the latest ESET Threat Report calls attention to a surge in Android spyware detections, which have risen by 88.9%. 

In the past, spying chat apps were often nonfunctional, and a targeted person could quickly figure out that something was not right and delete it immediately. Nowadays, these malicious apps are actually doing what victims expect them to do. For example, threat actors make a copy of a legitimate open-source functional chat app and just change its visuals. This means that the targeted person may not get suspicious and can be monitored for a long period of time.     

In June 2023, ESET researchers published a blog about Android GravityRAT spyware being distributed within malicious but functional messaging apps BingeChat and Chatico, which were both based on the OMEMO Instant Messenger app. The spyware can exfiltrate call logs, contact lists, SMS messages, device location, basic device information, and files with specific extensions such as jpg, PNG, txt, pdf, etc. 

The apps mentioned above were only available on phishing websites, not via official or third-part app stores, but how potential victims were tricked to go there and download them remains a mystery. However, when researchers at Qihoo 360, a Chinese cybersecurity company, analyzed different fake but functional chat apps bundled with spyware, they found that the motivation behind victims downloading these apps was due to “matters of the heart.” 

In this case, attackers created multiple accounts on Facebook pretending to be love-seeking female users and added relevant Pakistani military personnel as friends to further obtain their contact information. Then, with the fake profiles and their hidden agenda, they wrote to victims that they were interested in pursuing a relationship, and had “found” a great new app where they could chat further.  

While the individuals targeted probably thought they were falling head over heels in love, they were in fact unwillingly feeding threat actors sensitive personal information, along with military intelligence.

To avoid being scammed, let’s begin with the basics and go through common romance scam red flags. 

• Making excuses to avoid meeting: The scammer will avoid a meeting in person despite repeatedly stating that they are willing to do so. 
• Things are moving too fast: Your new “partner” will express deep interest/affection and perhaps a desire for intimacy despite your having been chatting for only a few days. 
• Asking for money: Romance scammers often come with a heartbreaking story concerning why they need money as soon as possible. They can also pose as rich people who can pay their debts with interest but “right now, cannot access their funds.”  
• Leaving secure communication: The scammer may ask to leave a dating service or social media site to communicate directly.

Your chances of being scammed will also rapidly decrease when you use only trustworthy app stores with strict app review policies.  

In case you’ve downloaded a malicious app, it’s good to have a powerful antivirus operating on your phone. This may be especially useful in cases where the app is fully functional and does not raise any obvious red flags.

ESET Mobile Security (EMS) can detect and block threats during the download process, even before installation occurs. This means that the threat never reaches the user. EMS can also be used to scan already existing apps to double-check that you haven’t bought the devil in disguise. 

Moreover, EMS provides the user with real-time file system protection that scans all files in download folders for malicious code when opened, created, or run.   

In the case of a malicious app or download, EMS alerts users that malicious code has been detected – as seen in the picture below. 

You can also perform an on-demand scan anytime you want with two possible options: 

1. Smart Scan goes through installed applications, executable files, SO files (SO stands for shared libraries), archives with a maximum scanning depth of three nested archives, and SD card content.

2. In-depthScan will check all file types, regardless of file-extensions, both in internal memory and on SD cards. 

When it comes to discussion of how to avoid disappointments in love, you often hear tips like “follow your mind, not your heart.” But if you are targeted by a sophisticated romance scam, chances are that such advice won’t help.

In cases where your perception fails, you need reliable software equipped with advanced scanning capabilities to show you what your new chat app and new wannabe partner truly are.