Have you ever wondered, looking at a profile of a potential dream match on a dating platform, who is actually sitting on the opposite side of the screen? Will they look the same when you meet? Did they change something in their bio to make them sound more impressive? Do they like the things they say they do? Or… do they even exist?
Well, sometimes the answer is: No.
We have discovered a tool (which is still being developed and improved) that provides vast functionality over several different dating platforms, providing the capability to create fake accounts, interact with victims, bypass CAPTCHA, anonymize the access using proxies and browser anonymization tools, and more. The author is also experimenting with ChatGPT, the now-famous text-based generative AI, to provide them with more streamlined and believable texts. Because of that, we decided to name the tool Love-GPT.
Overview
According to our data, the history of the tool goes back at least a decade. Its functionality was iteratively improved over time, adding newer dating platforms as they became more popular, as well as anonymization techniques, and interaction methods. The program contains several Vietnam-related strings, functions, and other references, and we attribute the author to be Vietnamese.
In this blogpost, we will describe a version from 2023-06-06 (compilation date) with the main module version 347. Note that the tool contains different modules: for example, this main version contains a 544th version of Account Control Center module.
ChatGPT functionality was likely added to Love-GPT around March 2023 (likely 2023-03-30, main module version 326).
All versions we’ve seen are programmed explicitly in VB6, provided as a form application. Historically, these variants of module names existed at least at some point in time:
account_control_center_alive_monitor_START_HERE.exepof_reload_monitor.exeringtones_runas_launch.exeringtones_runas_login.exescan_phone.exevirtualbox_pof_reg_CONTROLER_MONITOR.exe
The tool further requires several additional apps for the whole toolset to function properly. As we will demonstrate, all of these are used to support anonymization of the access to the dating platforms, using proxies, creating a large number of fake accounts, getting and writing emails, and interacting with users.
We can peek into the main module of Love-GPT below. The module contains several functionalities for interacting with users, including reading inboxes (getting answers and emails), browsing information about matches (the platforms’ way of indicating interest in the other user), sending likes, storing active cookies in a database, changing used proxy, and much more. There are also three different ChatGPT buttons providing a ChatGPT text generation functionality to the interactions.
In total, the tool contains 58 different application forms, and it is out of the scope of this blogpost to list and describe all of them. However, we would like to show an additional one below, since it is essential for the whole toolset: the Account Control Center module.
This module serves as a main hub for creation of fake accounts for all the supported dating platforms. It also supports scraping photos from the platforms, downloading HTML content about any visited page, using PowerTCP to extract cookies, using Multilogin, ProxyRental, Luminati, MountProxy tools for anonymization, and more. The tool also has a (weak) random generator for the new fake accounts’ passwords, and a random selector from a list of 1000 common US names. The built-in browser allows the operator to visually check the tool’s behavior, as well as manually interact on the visited page, when necessary, in case the automation is not enough.
Note that the tool we are describing here is huge and we might have missed some important aspects in its functionality or omitted them since they are out of scope for a single blogpost. We are still investigating parts of the program and they might be the subject of a follow-up blogpost(s) in the future.
Fake profiles and data harvesting
Database
As we already mentioned, the main goal of the tool is to create fake profiles on several dating platforms and to store/scrape data from the interactions with the platforms’ users, including their profile pictures, profile body texts, dates of communication, etc.
In order to be successful in this goal, the tool uses three large databases, called CL Harvest (CL_db_harvest_db), pof_db (as of Plenty of Fish database), and gmail_db, to store a huge variety of information. Since all the databases are intertwined, likely because of historical reasons, we will from now on refer to them as a single database to simplify the analysis.
The tool uses a Microsoft SQL Server as a database, orchestrating the communication using SQL Server Native Client (provider SQLNCLI10) from inside the program.
Stored information
Currently, the database structure contains approximately 180 different database tables in total (note that the number differs depending on the versions of the tool). We would like to mention at least a few of them, providing interesting insights into what data is being collected or created. We believe none of them need further description.
| Table name | Note |
a_02_Okcupid_photo_db_scanned_from_okcupid | |
a_02_Okcupid_photo_db_scanned_from_okcupid_age_group_1 | Age groups are described later |
a_02_okcupid_about_text_db_age_group_3 | Profile “about” description texts |
a_03_zoosk_replied_users | |
a_07_ashley_accounts | |
duyenso_create_fake_profile_current_setting | DuyenSo is a Vietnamese dating platform |
email_addresses | |
openai_chat_log | |
openai_prompt_1st_contact_msg | |
openai_prompt_ask_for_number | |
openai_prompt_ask_for_number_for_OKCUPID | |
openai_prompt_ask_for_number_INDIRECT_WAY | |
openai_prompt_chat_template | |
openai_prompt_profile_body_text | |
pof_accounts_for_scan_new_users | |
twilio_for_PVA_direct | PVA states for “phone verified account” |
twilio_phone_for_dating_2018 | |
twilio_uk_mobile_number_database | |
US_female_firstname_len_5 | “len” states for “length” |
US_male_firstname_len_5 | “len” states for “length” |
Furthermore, the tool saves images from the dating platforms into several directories:
C:\fb_dating_all_avartar_temp\(mind the typo)C:\fb_photo_set_temp\C:\PIC for POF\BIG STORE\C:\twoo_scanned_photo\E:\FB dating girls photo by city\F:\5K Female photos by hair color\E:\temp_okcupid_downloaded_photo\G:\duyenso_pics_from_pofG:\duyenso_pics_from_pof_girls\G:\duyen so acc photo - ready to up - girls\G:\duyen so acc photo - ready to up - man\
Age groups
The tool categorizes the users into four different age groups:
| Age group | Age range |
| 1 | 30-37 years |
| 2 | 37-49 years |
| 3 | 49-60 years |
| No group | None of the above |
This serves as a filtering option, and it also shows what ages are interesting for the author/operator. We suppose this is due to the fact that the author is most likely using the stolen information to create further fake accounts. The age group might be an important aspect for setting up the fake age properly, especially with photos.
Targeted dating platforms
We have identified 13 different dating and social discovery platforms that the tool interacts with, as of the 2023-06-06 analyzed version. The list of the dating platforms can be found below:
| Dating platform | Note |
| Ashley Madison | |
| Badoo | |
| Bumble | |
| Craigslist | Interested in “Personal” / “cas” section – “casual encounters” |
| DuyenSo | Vietnamese dating app |
| Facebook Dating | |
| likeyou.vn | Vietnamese social network and dating platform |
| MeetMe | |
| OkCupid | |
| Plenty of Fish | |
| Tagged | |
| Tinder | |
| Zoosk |
The tool has several steps it takes in order to create the fake accounts, following the process of registering on the platforms. This often involves getting through CAPTCHA, verifying phone numbers (PVA), and creation of fake email addresses, usernames, and passwords. All these steps are performed by the tool, seeking the most automatic process possible. If any of the automations fail, the tool also contains a built-in browser that allows the operator to perform the steps manually.
Note that Craigslist discontinued the “Personal” section during the FOSTA-SESTA acts in 2018 and we consider this functionality obsolete and not used in the program anymore.
Historically, Love-GPT was interested in other dating sites/social platforms, too. For example, we could find traces of Twoo, Oodle, and Fetlife. These platforms, however, don’t have proper functionality incorporated in the tool anymore.
Using ChatGPT
During 2023, the author started to use ChatGPT to generate new profile descriptions as well as other prompts to interact with the dating platforms’ users. The author uses a ChatGPT API token which is hardcoded in the binary.
We estimate that the ChatGPT functionality started to occur around March 2023 (likely 2023-03-30, main module version 326) and it is still under development. Some parts of the functionality seem still like proof-of-concept, and we suppose they are not fully functional yet, with some of them proving more potent already.
The functionality provides an interesting insight into the upcoming trend of using highly believable texts leveraging generative AI and large language models (LLMs). We can already see that tools misusing the generative AI platforms are emerging and this is likely one of the first in-the-wild examples how it can be misused by the bad actors.
Overall, the tool contains these functionalities leveraging ChatGPT (both finished and under development):
- Create a fake profile description to be used on the dating platforms
- Read the inbox on the dating platform and reply to messages
- Ask for a phone number
- Write a first contact message
- Chat from a template
In the current implementation, the tool uses these two ChatGPT models:
text-davinci-003gpt-3.5-turbo
Request parameters
The tool uses different set of parameters for the performed tasks, influencing ChatGPT via its API to perform as needed. For example, parameters for creating a profile body, ensuring diverse and short texts, are as follows:
"temperature": "1""max_tokens": "60""top_p": "1""frequency_penalty": "0.5""presence_penalty": "0"
Note that for other prompts, temperature = 0.5 is usually used as well, scaling down the randomness.
The tool uses “prompt” values in the API requests’ body to generate the output. In some of the cases, the whole context is provided to guide ChatGPT for the more precise results:
Just for the sake of demonstration, this is what ChatGPT usually returns for similar prompts:
The detailed description of the parameters available in the ChatGPT API can be found in the official documentation.
They tool to win
Love-GPT uses a large set of additional tools and components to stay hidden/anonymize its interaction with the dating sites and their users. It also contains additional components for it to operate, using communication tools and protocols, Android emulator, and OCR for CAPTCHA bypass.
Staying anonymous
The tool needs to use real-looking, fake request fingerprints to reliably access the dating platforms. Otherwise, the platforms could detect such activity and suspend/ban the accounts or bombard the access with CAPTCHAs and other anti-crawler safeguards.
Below, you can find a list of the anonymization tools being used, with a short description.
| Tool | Short description |
AdsPower | Anti-fingerprinting tool using virtual browser profiles |
FraudFox | Virtual machine and a tool for user-agent and device spoofing |
Identory | Anti-fingerprinting browser platform, creating unique identities for any site |
Kameleo | Anti-fingerprinting browser platform using virtual browser profiles |
Luminati | Proxy network, allowing anonymity for data collection and web scraping |
MountProxy | Residential proxy provider |
Multilogin | Anti-fingerprinting tool using virtual browser profiles |
ProxyRental | Residential proxy and dynamic IP provider |
To summarize, with this artillery, Love-GPT stays under the radar because no one can effectively distinguish connections coming from this specific tool and other regular users accessing the platforms.
Communication components
Love-GPT can communicate with the users directly on the dating platforms. Because the platforms usually need to verify its users using unique email addresses or even require a PVA accounts (phone verified accounts), the tool has a complete email and phone number management. To achieve this goal, it uses these services and tools:
- Email services –
Gmail,Yahoo PowerTCPPingerSMSpva(smspva.com)TextFreeTextNowTropoTwilio
SMSpva is a service for obtaining temporary phone numbers. Along with TextFree, TextNow, Twilio, and others, the toolset provides a convenient way how to enable receiving the SMS verification codes for PVA registration.
The tool is also able to analyze and send emails from the created Gmail or Yahoo accounts’ inboxes, as well as forwarding emails to different addresses.
Finally, Love-GPT also uses PowerTCP, or more specifically DartWeb.dll, to support network and communication-related traffic with the web.
Buying new domains
Love-GPT also has a system for buying new domains and making renewals of the already registered domains, including performing payments for the domains. Historically, this was being performed using Entropay. However, since Entropay’s consumer product was discontinued in 2019, we suppose the Love-GPT’s operator switched to some other similar consumer-based service, but that is not reflected in the code – virtual credit card information is stored on the author’s local database, not in the binary.
The main purpose for this functionality is to set a domain forwarding through the registered domains. To achieve this, the tool uses an API to check the required domains availability, checking the auto-renewal options, as well as setting up the forwarding: https://api.name.com/v4/domains/
Android emulation
Since some of the platforms are mobile based, for example DuyenSo or the Facebook dating app, the tool uses LDPlayer to emulate a proper behavior on the supported dating platforms.
The tool also uses a shared folder for exchanging files between the emulator and the local filesystem, mostly for transferring photos:
E:\LDplayer_shared_folder_for_fbdating\
OCR and CAPTCHA
Quite an effort was made in Love-GPT to bypass CAPTCHAs. It uses two different Optic Character Recognition (OCR) tools for capturing texts:
OmniPageDeCaptcher
Love-GPT has a dedicated panel, a control center, to orchestrate the CAPTCHA bypassing functionality.
Future work
During our research, we have discovered multiple additional tools with similar purposes, some of them even likely from the same author who is behind Love-GPT. These vary from more broad scrapers to highly specialized, for example just focusing on Tinder. This clearly shows the trend of automation in this field and ChatGPT can be useful in streamlining the interactions to harvest further data from the victims than they would share otherwise.
Hashes
| Hash | Compilation date |
8071dc3dc1e7814f644f2745bbebab8c159763a3605b3615847772851b3960ce | 2023-06-06 |
cf809afcad7a2054a8c39a84443579d0c9d81ddf0233164bf2a4214a39b6206c | 2023-03-30 |
