Scammers finding new ways to social engineer victims

Alameen Karim Merali
Jul 4, 2024


Introduction

This is tied to my previous article about Loan Sharks, where I talked about SpyLoan malware research and these scammers exploiting our fellow Tanzanian citizens. You can read the article here and the arrest information here, along with the linked article document that was used to support the investigation.

Recently, it has come to my attention that ever since the loan apps were banned, these scammers have been finding new techniques to manipulate victims into getting loans from them. The whole idea is that they are now using smishing, in other words SMS phishing.

Further Investigation:

As we can see below, it all begins with a malvertising (or Malware Advertising) SMS that helps spread their malware through a malicious link sent via SMS. The scammers have done it this way because it makes it easier to prey on the vulnerable by getting them to download their loan app. Of course, the SMS is later filtered out by Android spam filters, since the messages sent via this bulk code are obviously unsolicited:

Victim received unsolicited SMS from a Bulk Code

A good thing is that the victim never clicked the link and referred it to me first to check out. Noticing that the link contained an APK file immediately after clicking it, I decided to take the screenshot and leave the link without downloading the Loan Shark app:

Malicious Loan Shark App from the link

After this, I decided to warn the victim that the link is malicious and that it’s just one of those apps again. Analysis of the whois for the domain reveals this:

DNS Settings show that the site is hosted on an AWS Bucket

AWS buckets are what scams like these normally use, including other domains tied to Chinese companies, as shown in the previous analysis from the link above.

We can further see that the domain is currently down, most likely from being reported, which is good:

Whois is not displaying any registrar data
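
The three indicators seen in this investigation (an unsolicited SMS from a bulk code, a link that serves an APK file, and DNS pointing at an AWS bucket) can be checked without ever opening the link. The following is an added example, not part of the original article: the sample sender, message, domain and DNS record are constructed, and the rule that any sender which is not a full phone number counts as a bulk sender is an assumption.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Amazon S3 endpoints: virtual-hosted, regional and static-website forms.
S3_RE = re.compile(r"(^|\.)s3([.-][a-z0-9-]+)*\.amazonaws\.com$")
# Assumption: a person-to-person sender is a full phone number; anything else
# (short code, alphanumeric sender ID) is treated as a bulk sender.
PHONE_RE = re.compile(r"^\+?\d{9,15}$")


def triage_sms(sender, body, cname_of):
    """Flag the indicators described in the article for one SMS.

    cname_of maps a hostname to the CNAME target seen in its DNS records;
    the caller collects it, so this function never contacts the link.
    """
    report = {"bulk_sender": not PHONE_RE.match(sender.replace(" ", "")),
              "apk_links": [], "s3_hosted": []}
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:!?)")          # drop trailing sentence punctuation
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.path.lower().endswith(".apk"):
            report["apk_links"].append(url)
        # Custom domains reach a bucket through a CNAME, so test the target.
        target = cname_of.get(host, host).lower().rstrip(".")
        if S3_RE.search(target):
            report["s3_hosted"].append(url)
    return report


# Constructed sample data (not taken from the article's screenshots).
SAMPLE_SENDER = "15001"
SAMPLE_BODY = "Get a loan in 5 minutes! Download: http://loans.example.test/app/QuickCash.apk."
SAMPLE_DNS = {"loans.example.test": "loans-bucket.s3-website-us-east-1.amazonaws.com."}

if __name__ == "__main__":
    print(triage_sms(SAMPLE_SENDER, SAMPLE_BODY, SAMPLE_DNS))
```

A message that trips all three checks matches the pattern described here; any single flag on its own is only a reason to look closer.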

Conclusion

If you have been sent these links, don’t worry. Simply report the bulk code as spam and block the code. Don’t click the link, and don’t install or download the program. If you have fallen victim to the loan shark scam, simply report this to law enforcement immediately, as these Loan Shark apps have been banned throughout the country.
