A series of bots have invaded dating app Tinder and are spreading “Castle Clash” downloads after luring users with tempting profiles and pictures. Bitdefender Labs is currently investigating both the Android application and the bots, which seem to use pictures stolen from an Arizona-based photography studio. Some of the pictures are also being used for fake Facebook profiles.
After users swipe right on Tinder (to indicate they like a profile), Cherry, Haley and other bots engage them in automated conversations until they convince them to click on a dubious link. The name of the URL (“Tinderverified”) gives the impression of an official page of the dating app. For extra legitimacy, scammers also registered it on a reputable “.com” domain.
“Hey, how are you doing?” a typical bot message reads. “I’m still recovering from last night :) Relaxing with a game on my phone, castle clash. Have you heard about it? http://tinderverified.com/castleclash[removed]. Play with me and you may get my phone number.”
The scam is geo-specific: Tinder users in the US are brought to the Castle Clash download, while Brits and others are lured to fraudulent surveys and dubious competitions for ASDA and Tesco vouchers.
Castle Clash developer IGG said they are investigating.
“Thank you for bringing this issue to us,” IGG’s Jiayan Wu told HotForSecurity. “We are already aware of this issue and we are currently investigating into it. We are also being victimized in this issue therefore we are grateful for being informed.”
Bitdefender has also notified the photography studio where the bots’ pictures were stolen from. We will update the post with additional information on the Castle Clash app.
This is not the first time Tinder has come under attack from bots spreading dubious or malicious links. For Valentine’s Day, Bitdefender published a security and privacy guide to help users “tinder” more safely.
The antivirus software company has recently discovered a similar ad campaign targeting National Geographic mobile users with scareware saying they have been infected with malware. The ad “technique” abusively redirected users to a Google Play app that would clean their Android device.
TechCrunch has also published details on the Tinder exploit.