Swipe right, chat to a fake user and your personal data could be stolen.
A series of bots have invaded dating app Tinder and are spreading dangerous downloads after luring users with tempting profiles and pictures, an antivirus developer has discovered.
Bitdefender Labs is currently investigating both the Android application and the bots that seem to have stolen pictures from an Arizona-based photography studio. Some of these images are also being used for fake Facebook profiles.
Catalin Cosoi, chief security strategist at Bitdefender, said: "After users swipe the right button on Tinder to indicate that they like a profile, the bots engage users in automated conversations until they convince them to click on a dubious link.
"The name of the URL gives the impression of an official page of the dating app and for extra legitimacy scammers also registered it on a reputable .com domain."
Bitdefender warns users to be aware of this risk, and advises that a typical bot message reads: "Hey, how are you doing? I'm still recovering from last night? Relaxing with a game on my phone, castle clash. Have you heard about it? Play with me and you may get my phone number."
The scam is geo-specific: British users are lured to fraudulent surveys and dubious competitions for ASDA and Tesco vouchers, while Tinder users in the US are brought to the 'Castle Clash' game download.
Castle Clash developer IGG has said that this issue is currently looked in to. IGG's Jiayan Wu, commented: "We are aware of this issue and we are currently investigating into it. We are also being victimized in this issue therefore we are grateful for being informed." Bitdefender has also notified the photography studio where the bots' pictures were stolen from.
This is not the first time that the dating app has come under attack from bots spreading dubious or malicious links. To guard against this threat, Bitdefender recently published a security and privacy guide to help users "tinder" more safely.
The antivirus software company has also discovered a similar ad campaign targeting National Geographic mobile users with scare ware saying they have been infected with malware. The ad "technique" abusively redirected users to a Google Play app that would clean their Android device.