How Dating Apps Became Vectors for Cyber Attacks and Influence Operations
- CRC

In recent years, a growing number of documented cases have shown how dating-oriented platforms are consistently being exploited and weaponized by threat actors to deliver both cyber and cognitive threats.
Dating platforms are inherently built around the promise of intimate connection through the sharing of personal information. This premise hints at why such platforms may be attractive to state and non-state actors seeking to identify, assess, and exploit potential targets.
In this blog, we highlight various recurring uses of dating platforms in today’s hybrid threat landscape, spanning intelligence collection and recruitment, malware delivery, and hostile narrative manipulation.

Figure 1 – Kill chain models integrating dating-oriented platforms.
Dating Apps as Threat Channels
Intelligence Collection and Recruitment
According to a recent analysis by EUvsDisinfo, since Russia’s full-scale invasion in 2022, dating apps such as Tinder have reportedly been abused by different actors.[1] Recently, the Ukrainian Ministry of Defense has warned that inauthentic female personas, or accounts posing as law enforcement officials, initiate contact, build trust, collect personal information, and eventually shift toward blackmail or recruitment. The Security Service of Ukraine (SBU) identified similar methods involving fake profiles that gathered information before pressuring targets to cooperate. This kind of activity has also been reported outside Ukraine. Germany’s Military Counterintelligence Service (BAMAD) stated that Russian intelligence operatives used Tinder to target politicians and soldiers.
In some cases, recruitment has moved beyond information collection. In July 2025, the SBU arrested a woman who was reportedly recruited through a dating platform and instructed to plant a bomb in a hotel. In November 2025, authorities arrested a man in Nikopol accused of passing Ukrainian defense positions to Russian artillery after being recruited in a similar manner.
These recent cases exemplify a repeated pattern: dating apps increasingly serve as effective tools for identifying vulnerable individuals and, in some cases, recruiting them for intelligence purposes.
Hostile Influence and Narrative Manipulation
In recent years, dating platforms and forums have been increasingly exploited and integrated into influence attack chains. Observed cases have shown attackers using seemingly innocent female personas on social media platforms and dedicated dating sites to garner exposure, proliferate narratives, or generate “source material” that could be leveraged for narrative manipulation.
According to the EUvsDisinfo analysis, a fake Tinder account was used in Ukraine in 2018 as part of a campaign against a senior police official.[2] Manipulated screenshots of a private dating conversation were leaked online, triggering public reactions and damaging trust in law enforcement.
Another operational model can be found in a recent report by NewsGuard, which uncovered an ongoing PRC-aligned threat activity cluster targeting Taiwan ahead of the local election expected in November 2026. The investigation provides details of “[a] network of 294 coordinated accounts on Meta’s Threads, which launched in May 2026”. NewsGuard’s findings suggest that the identified operational assets are mainly designed to leverage established trust for subsequent narrative amplification. In addition, these sockpuppets can be used to study the behavioral patterns of potential targets before attackers craft and proliferate their political messaging.

Figure 2 – An inauthentic Threads dating account targeting Taiwanese users, according to NewsGuard.[3]
The overall effectiveness of such tactics stems from the credibility assigned to dating-based interactions. An inauthentic dating account can spread a narrative, elicit sensitive information, lure unsuspecting high-value targets, or social-engineer its way to malicious payload delivery.
Malware Delivery
The same psychological incentives and trust-based dynamics that make dating apps an effective channel for HUMINT recruitment can also make them effective malware delivery vectors. Research from the Center for Strategic and International Studies (CSIS) documented how the terrorist organization Hamas targeted Israeli soldiers through what local officials called “Operation Broken Heart”.[4] The MO was fairly simple. Threat actors used sockpuppets, pretending to be young attractive women on social media platforms and dating apps. They convinced targeted soldiers to download malicious apps onto their mobile devices. Hamas also reportedly developed fake dating apps specifically for this purpose. Once installed, the malware provided access to cameras, microphones, and location data of the victim’s device.
A similar instance can be found in a 2026 ESET research report.[5] Security researchers identified an Android app called GhostChat circulating in Pakistan. The app resembled a dating platform and presented users with multiple female profiles, each requiring exclusive access credentials. Once installed, the application operated in the background, collecting contacts, files, photographs, and other information from the victim’s device. ESET linked the app to a broader cyber-espionage infrastructure that included fake government websites and WhatsApp-focused scams.

Figure 3 – The malicious GhostChat app requiring access codes to unlock chats
Conclusion
Within the context of sophisticated hybrid threats, such as hostile influence campaigns (HICs) and cyfluence attack chains, dating apps should be considered largely unmonitored digital spaces that allow hybrid threat actors and cyber-criminals to easily exploit a wide array of attack surfaces.
Based on current trends in the foreign information manipulation and interference (FIMI) threat landscape, we expect attempts by threat actors to move laterally across social media platforms to persist. Hostile actors are likely to increasingly turn to unmonitored apps, while continuing to operate under the cover of perceived trust and privacy.
Influence defense practitioners and cognitive security stakeholders must consider that influence operations may increasingly take place in restricted online spaces that are difficult to monitor. It is therefore crucial to identify and deploy the needed sensors to support ongoing defensive efforts.
References:
EUvsDisinfo. Tough Love: Spies, Dating Apps, and the Dark Side of Online Intimacy. [online] Published 10 June 2026. Available at: https://euvsdisinfo.eu/tough-love-spies-dating-apps-and-the-dark-side-of-online-intimacy/
NewsGuard Technologies. Chinese Network Launches Hundreds of Fake Dating Accounts to Influence the Next Taiwanese Election. [online] Published 2026. Available at: https://www.newsguardtech.com/special-reports/chinese-network-launches-hundreds-of-fake-dating-accounts-to-influence-the-next-taiwanese-election/
Center for Strategic and International Studies (CSIS). Understanding Hamas’s and Hezbollah’s Uses of Information Technology. [online] Published 31 July 2023. Available at: https://www.csis.org/analysis/understanding-hamass-and-hezbollahs-uses-information-technology
ESET Research. Love? Actually: Fake Dating App Used as Lure in Targeted Spyware Campaign in Pakistan. [online] Published 28 January 2026. Available at: https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/