Scammers finding new ways to social engineer victims
Introduction
This is tied to my previous article about Loan Sharks, where I talked about my SpyLoan malware research and the scammers exploiting our fellow Tanzanian citizens. You can read the article from here and the arrest information from here, with the linked article document that was used to support the investigation.
Recently, it has come to my attention that ever since the loan apps were banned, these scammers have been finding new techniques to manipulate victims into taking loans from them. The whole idea is for them to use smishing, in other words SMS phishing.
Further Investigation:
As we can see below, it all begins with a malvertising (or malware advertising) SMS that helps spread their malware through a malicious link. The scammers have set it up this way because it makes it easier to prey on the vulnerable by getting them to download their loan app. Of course, the SMS is later filtered out by Android spam filters, since the messages sent via this bulk code are obviously unsolicited:
The good thing is that the victim never clicked the link and referred it to me first to check out. Noticing that the link contained an APK file immediately after clicking it, I decided to take a screenshot and leave the link without downloading the Loan Shark app:
After this, I decided to warn the victim that the link is malicious and that it’s just one of those apps again. Analysis of the whois for the domain reveals this:
Scams like these normally use AWS buckets, as well as other domains tied to Chinese companies, as shown in the previous analysis from the link above.
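The traits described above (a bulk sender code, a link that points straight at an APK file, and hosting on an AWS bucket) can be checked automatically when triaging reported messages. The following Python is an added example, not code from the original investigation; the function names, the sender rules and the sample messages are assumptions constructed for illustration:

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Assumption: hostnames under this suffix are treated as AWS-hosted storage.
BUCKET_SUFFIXES = (".amazonaws.com",)

def is_bulk_sender(sender: str) -> bool:
    """Assumed rule: short numeric codes and alphanumeric sender IDs are bulk."""
    s = sender.strip()
    return bool(re.fullmatch(r"\d{3,6}", s)) or any(c.isalpha() for c in s)

def triage_sms(sender: str, body: str) -> list:
    """Return the reasons an SMS looks like an APK-delivery smish (empty if none)."""
    reasons = []
    for raw in URL_RE.findall(body):
        # Drop sentence punctuation that the regex captured at the end of the URL.
        url = urlparse(raw.rstrip(".,;:!?)"))
        host = (url.hostname or "").lower()
        # Use the parsed path so a query string (?ch=sms) cannot hide the extension.
        if url.path.lower().endswith(".apk"):
            reasons.append(f"direct APK download: {host}{url.path}")
        if host.endswith(BUCKET_SUFFIXES):
            reasons.append(f"cloud bucket host: {host}")
    # A bulk sender alone is normal (banks, operators); it only adds weight to a link hit.
    if reasons and is_bulk_sender(sender):
        reasons.append(f"bulk sender: {sender}")
    return reasons

# Constructed sample messages, not taken from the reported SMS.
SAMPLES = [
    ("15200", "Get a quick loan today! Download: "
              "https://example-bucket.s3.amazonaws.com/loan/app-release.apk"),
    ("QUICKLOAN", "Your loan limit is ready. Install now "
                  "https://dl.example.net/QuickLoan.APK?ch=sms."),
    ("+255700000000", "Meeting moved to 3pm, agenda at https://example.org/agenda.pdf"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        hits = triage_sms(sender, body)
        print(sender, "->", "SUSPICIOUS" if hits else "ok", hits)
```

A message with any hit should be reported and blocked rather than opened; the check never fetches the link.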
We can further see that the domain is currently down, most likely from being reported, which is good:
Conclusion
If you have been sent these links, don’t worry. Simply report the bulk code as spam and block the code. Don’t click the link, and don’t download or install the program. If you have fallen victim to the loan shark scam, report this to law enforcement immediately, as these Loan Shark apps have been banned throughout the country.