{"id":283220,"date":"2026-06-28T08:28:00","date_gmt":"2026-06-28T12:28:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/28\/how-greyvibe-rewrote-the-dating-lure-surveillance-playbook\/"},"modified":"2026-06-28T09:00:08","modified_gmt":"2026-06-28T13:00:08","slug":"how-greyvibe-rewrote-the-dating-lure-surveillance-playbook","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/28\/how-greyvibe-rewrote-the-dating-lure-surveillance-playbook\/","title":{"rendered":"How GREYVIBE Rewrote the Dating-Lure Surveillance Playbook"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecurity-insiders.com\/how-greyvibe-rewrote-the-dating-lure-surveillance-playbook\/\">How GREYVIBE Rewrote the Dating-Lure Surveillance Playbook<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecurity-insiders.com\/how-greyvibe-rewrote-the-dating-lure-surveillance-playbook\/\">https:\/\/www.cybersecurity-insiders.com\/how-greyvibe-rewrote-the-dating-lure-surveillance-playbook\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-28 08:28:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecurity-insiders.com\">www.cybersecurity-insiders.com<\/a><\/p>\n<p>In Kharkiv, a Ukrainian combatant gets a message on Telegram. The account on the other end looks like a woman from a local dating channel, and the pair talk for a while. Eventually, she shares a link to what looks like a Ukrainian adult-club site. He follows it, downloads what he thinks is a client app, and goes on with his day.<\/p>\n<p>The site appears normal, but without him knowing it also drops a remote access trojan onto his Windows machine, or spyware onto his Android phone. In a later version of the site, after the infection has landed, it opens a live WebRTC call and starts capturing his audio and video.<\/p>\n<p>WithSecure tied this campaign, which it calls PrincessClub, to a new Russia-nexus group it tracks as GREYVIBE, in a report published on May 28, 2026. Most coverage focused on the AI angle, which is the loudest finding but not the most operationally interesting one. The PrincessClub design choice, which turns the lure site itself into a human intelligence collection endpoint, deserves more attention;so does its history.<\/p>\n<p><strong>This playbook is not new\u00a0<\/strong><\/p>\n<p>The fake-romance lure that becomes a surveillance channel is a pattern researchers have been tracking for nearly a decade. The clearest precedent is Arid Viper, also tracked as APT-C-23, an operator aligned with Hamas that has been running this exact pattern against Israeli Defense Forces personnel since at least 2017.<\/p>\n<p>Arid Viper\u2019s operators use fake female personas, sometimes with voice-changing software, to build trust over weeks before pushing a target to install a fake dating or sports app. In 2018, the IDF disclosed that around 100 soldiers had been compromised through three apps called Glance Love, Winkchat, and Golden Cup. The malware that followed, tracked variously as ViperRAT, SpyC23, and Phenakite, has supported live camera and microphone access, call recording, and full message and contact exfiltration.<\/p>\n<p>This is not the only precedent. In the Russia-Ukraine war, both sides have run&#8230;<\/p>\n<p><a href=\"https:\/\/www.cybersecurity-insiders.com\/how-greyvibe-rewrote-the-dating-lure-surveillance-playbook\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How GREYVIBE Rewrote the Dating-Lure Surveillance Playbook https:\/\/www.cybersecurity-insiders.com\/how-greyvibe-rewrote-the-dating-lure-surveillance-playbook\/ Publish Date: 2026-06-28 08:28:00 Source Domain: www.cybersecurity-insiders.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":283221,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cybersecurity-insiders.com\/wp-content\/uploads\/How-GREYVIBE-Rewrote-the-Dating-Lure-Surveillance-Playbook.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[20,32],"class_list":["post-283220","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-artificial-intelligence","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/283220"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=283220"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/283220\/revisions"}],"predecessor-version":[{"id":283222,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/283220\/revisions\/283222"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/283221"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=283220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=283220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=283220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}