
Data Thieves Disguise as Romantic Apps to Swipe Sensitive Information

Massive malware strategy named SarangTrap discovered employing fraudulent dating applications to acquire private data, specifically focusing on South Korean individuals.

Deceptive Cyber Attacks Posing as Romantic Software to Rob Information


In a recent development, mobile security researchers have uncovered a large-scale malware campaign that targets users through fake dating and social networking apps. Dubbed the SarangTrap operation, this malicious activity remains active and continues to evolve, making vigilance more critical than ever.

The operation spans both Android and iOS platforms. Users are prompted to enter a code that triggers hidden spyware routines, allowing the malware to access and extract a wide range of personal data, including contacts, private images, SMS content, and device identifiers.

The apps mimic legitimate services but are designed solely to siphon user data. At least 25 of the malicious domains distributing them have been indexed by search engines such as Google, ranking for common keywords such as dating, file sharing, and social networking.

One reported case involved a man grieving a breakup who was targeted via a fake dating profile and had his device compromised after downloading an app from a phishing link and entering a code. In newer Android samples, the developers have removed the SMS permissions from the manifest file while retaining the code for message exfiltration, suggesting ongoing experimentation to evade security scans while keeping the spyware functions in place.
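The manifest-versus-code mismatch described above is something a defender can triage statically: compare the permissions an APK declares with the guarded APIs its code references. The script below is an added example, not code from Zimperium or from the SarangTrap report; the API-to-permission mapping, the sample manifest and the DEX string list are constructed assumptions (in practice the strings would be pulled from the app's classes.dex).

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Substrings that show up in a DEX string table when code touches a guarded API,
# paired with the permission that access requires (assumed, illustrative mapping).
API_PERMISSIONS = {
    "content://sms": "android.permission.READ_SMS",
    "Landroid/provider/Telephony$Sms": "android.permission.READ_SMS",
    "Landroid/provider/ContactsContract": "android.permission.READ_CONTACTS",
    "Landroid/provider/MediaStore$Images": "android.permission.READ_MEDIA_IMAGES",
}


def declared_permissions(manifest_xml: str) -> set[str]:
    """Return the android:name of every <uses-permission> element in a manifest."""
    root = ET.fromstring(manifest_xml)
    return {elem.get(ANDROID_NAME, "") for elem in root.iter("uses-permission")}


def undeclared_api_use(manifest_xml: str, dex_strings: list[str]) -> dict[str, str]:
    """Map each guarded API reference in the strings to a permission the manifest lacks.

    A hit means the code still reaches for data the app never asked permission
    for, the pattern seen in the newer SarangTrap Android samples.
    """
    declared = declared_permissions(manifest_xml)
    findings: dict[str, str] = {}
    for s in dex_strings:
        for marker, perm in API_PERMISSIONS.items():
            if marker in s and perm not in declared:
                findings[s] = perm
    return findings


# Constructed sample input: a manifest that declares contacts access but no SMS
# permission, beside strings as they would be extracted from the same app's DEX.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

SAMPLE_DEX_STRINGS = [
    "Landroid/provider/ContactsContract$CommonDataKinds$Phone;",
    "content://sms/inbox",
    "Ljava/net/HttpURLConnection;",
]

if __name__ == "__main__":
    for ref, perm in undeclared_api_use(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS).items():
        print(f"{ref!r} referenced but {perm} is not declared")
```

On the sample input only the SMS content-provider URI is flagged, because the contacts access is covered by a declared permission.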

For iOS users, the campaign uses malicious mobile configuration profiles instead of traditional app installations. Over 250 malicious apps and more than 80 phishing domains have been used in the campaign.

Zimperium, a mobile security company, has warned users to be cautious of apps demanding invitation codes or unusual permissions, avoid third-party app stores, and regularly review installed profiles and security settings. The threat actors behind SarangTrap are believed to be North Korean state-sponsored cyber actors targeting South Korean military and government entities.

Attackers behind the SarangTrap malware have been known to use stolen content to blackmail users, threatening to expose personal videos to their families. The campaign relies on emotionally manipulative tactics, such as fake profiles, exclusive 'invitation codes', and convincing app interfaces.

Once the app gains access, it silently transmits sensitive data to an attacker-controlled server. The SarangTrap operation is a reminder for users to remain vigilant and to exercise caution when downloading apps, especially those that demand unusual permissions or request invitation codes.
