People who search for love are more vulnerable than happy couples. Especially people who lost their Tinder Account because Tinder has banned them.

There is a malware out there which targets exactly this kind of people. If you search for “unban tinder” on Google and or YouTube you find many videos and sites which recommend the “Tinder++” App.

Tinder++ aims to bring you free Tinder Gold and unban your Account. People on sites and videos which recommend the App talk that the Tinder ban is only per Device and they found a way to get around this ban.

But Tinder++ is no App you can get from the Google Play Store or even F-Droid. No! You have to download the App from suspicious sites …

So I found this Scheme and I wanted to Stop it.

I am the kind of people which look at the Header of Spam-Mails and report the sender or linked URLs to the Domain registrar, Hoster, DNS-Provider and Blocklists. Because we live in a civilized world and well known Provider don’t wanna host Spammers or other Assholes.

But how did I fight them?

  • I downloaded the file and uploaded it to VirusTotal
    • This showed that the file is clearly harmful
  • I reported the YouTube Videos and made a comment with the VirusTotal Link and a warning about the App
  • I checked the Whois Data which gave me the information that the site uses Namecheap as Domain Provider and Cloudflare as DNS-Provider
  • I reported the Domain to Namecheap and Cloudflare
    • Namecheap replied after checking the site that they can do nothing and I need to contact Cloudflare (which I already did)
  • I created a Hosts-File with the domains and added my Blocklist to my pfBlockerNG instance (so you can’t access the malware in my network anymore)
  • I contacted Tinder and informed them too

Notes

  • The sites seems to only show you the APK-File if you visit it via a Android Smartphone, so they seem to check the User-Agent, Resolution or something else
  • I think you would be surprised how many provider really look into SPAM / Malware sites and try to do something. I have written emails about cases like this or simple SPAM cases over Days and the provider I contacted often contacted additional involved provider.
    • If you get a SPAM or phishing mail you should report them because the spammers often use a legal provider in their chain and that provider often is a victim himself (because he is used for illegal activity which puts him in a bad light)
  • The site seems to do various other scam surveys too: https://silzee.com/jailbreak/apphacks/

Current status

At the time of this writing the site which distributes the malware is still out there. I haven’t received any notification about the current status from either YouTube or Cloudflare. (And I honestly don’t think I get a reply from YouTube - I mean even Woz needed to sue YouTube because they didn’t reply to him …)

But please don’t get this wrong! Many provider do something if they can prove that there is something illegal going on.

Update

The Head of Trust & Safety at Cloudflare (Justin) reacted to my Tweet but hasn’t found “definitive proof it’s malicious”. I hope he looks a little bit closer because I see a site full of scam.