Date: 2025-07-25

Zimperium released a report on Wednesday uncovering a large-scale malware campaign called SarangTrap that uses fake dating and social networking apps to steal sensitive personal data, Infosecurity Magazine reports.

According to the report, the operation employs various emotional manipulation techniques, including fake accounts, invitation-only access, and authentic app interfaces, to lure victims, particularly in South Korea, on iOS and Android devices. The apps are designed to replicate authentic services in order to steal user data, including private images, contacts, SMS messaging content, and device identifiers.

Once installed, the app presents a polished interface, and its permissions appear necessary to activate all features. The user is asked to enter a code that enables the app to use its spyware routines undetected. After gaining access, the app transmits the data over an outbound connection to a server controlled by the attackers.

The threat actors behind the operation registered 88 unique domains, more than 70 of which are actively used to distribute malware. At least 25 of the domains were indexed by legitimate search engines such as Google under common keywords, including file sharing, dating, and social networking. This gave the malicious sites a legitimate feel, which would entice users to trust them.

The company also identified more than 250 Android malware samples, most of them with minor or publicly notable changes, sometimes intentionally set without key permissions to avoid detection. However, less visible permissions do not prevent these apps from stealing personal information. Although the SarangTrap campaign is under scrutiny, it is still active and progressing.