
A clever Gumtree scam



This is one of the most sophisticated phishing scams I have ever seen. The people behind this one are not your average cyber criminals. I hope you find it interesting.

*UPDATE* Apparently, the app was created by a Russian scammer by the name of Evgeny Semenak. It targets Russians, Chinese & English. The app, it seems, checks for several banking apps on your device and, no doubt, steals lots of personal and bank data. DO NOT RUN THIS APP ON YOUR PHONE.

Harry Frey has created a GitHub repository for the disassembled sources and lots of other background information… thank you Harry:
https://github.com/harryfrey/fakegumtree

I have now removed the .apk file from this description because it is malicious, but see the analysis above.

Catch me on Twitter: https://twitter.com/JimBrowning11 @JimBrowing11

If you can possibly sponsor me, this is my Patreon link for regular sponsorship: https://www.patreon.com/JimBrowning

You can also use PayPal for one-off support:
https://PayPal.me/JimBrowningYT

If you want to cut out the middle man, I have a BitCoin link too: 3McgSrbEJ5BcCGRbqnhcHFiQjuCrjmmUSA
Many thanks if you can support me!

Outro music:
http://freemusicarchive.org/music/BoxCat_Games/ (Epic Song)

The 3D logo smash was created by ‘Please Subscribe Dad’… check out his great channel:
https://www.youtube.com/user/pleasesubscribedad


48 Comments

  1. I want to buy this PC. I'm a Nigerian princess currently living in Vietnam. I'm dying of diarrhoea and I have 80 millions to pay for the PC. Contact me ASAP with your bank details. UN approved

  2. 4:09 that's because you have to register; that's why your real phone number worked, because you already have an account. Not saying that I am right, but that could be a possibility.

  3. Dear Mr Browning. A few years ago, I decided to sell off all my photo lenses in order to switch to another camera brand. I live in Brussels and it was a Belgian second hand online site. To my surprise, I was contacted by someone ostensibly from France who didn't discuss the price and asked me to send her the entire lot (six professional lenses) to some address. She tried to convince me that she would pay me in full via PayPal so that I could trust her. Nothing to worry about. I am 99% convinced that this was a scam. Is it possible that there are fake PayPal accounts that may lead you to believe that you will be paid?

  4. Hi Jim. Not wanting to be a pain, lol. If you are selling to a private buyer that should come pick up the unit, why are you giving your card details, you are the seller.

  5. This is when it's important to understand programming at the assembler level. Why doesn't the app work for everyone, and why does it only work once?

    First of all, the app is normally installed on a phone. An app has the ability to control your ability to use the app. Such is the case with apps like Norton Mobile Security. You can use it for a period of time for free. When your time expires, you can't utilize certain features anymore. Even if you uninstall and reinstall the app, it recognizes your trial period expired. How does it know?

    Every app notifies you what permissions it requests at the user level. It does not notify you concerning system permissions. There is protected space in the system area which only apps can access, unless you jail break your phone. This app utilized the space, and once you enter all the information it wants, a notation is made in system storage.

    When you try to execute the app again, it fails. But why does it fail for you? Why can't people download the APK and see what is happening?

    You mentioned the scammers had your personal information. That's why only your phone number would let you in. Here's what they did. The countdown clock is there for a reason. That APK file is a standard APK. When you interact with them, a new APK file is created, tailored specifically for the victim, and will remain at that address until the clock hits 0. The clock isn't the clock you see. It's an arbitrary time span wherein the scammers will reset the APK file for another victim. It's possible they use the same URL for everyone they scam. However, I don't think so. Those numbers in the URL are most likely unique for each victim.

    I know, you're also going to say you used the BlueStacks emulator. That's a great idea, but not the best. As an emulator, it too has protected system memory. Even as an emulator, it was still super unsafe.

    The best way to test an APK is to start a virtual machine. Then install BlueStacks in the virtual machine environment. Back up the environment. Test the APK. If this APK had serious malware, or a virus, it could spread to your entire computer.

    I believe if you still have the original APK you downloaded, set up a virtual machine, installed BlueStacks in that environment, the APK would install into your emulator and work again.

    It's also possible the app checks a file via the Internet to see if that particular app should execute or not. Also possible, once you entered the data it wanted, your APK files were replaced with the skeleton model.

    Just running the BlueStacks emulator does not protect files on your computer. You need to separate your computer from everything else by first using an emulator.

    If you really want to play with scammers, install a Unix emulator. They won't know how to have you download any remote desktop software. But this was meant for a phone. As you said, they had it built for Android, IOS, and I'm sure they have it for other operating systems.

    Be safe. Don't remove protection from your computer.

  6. Don't let his ruse of being the good guy distract you. He could EASILY take someone's personal info from all the spreadsheets of scammed people he has seen in past scam busting videos. He could be making 10s of 1000s of dollars in post scam scams.

  7. Jim should have backed up the apk file after he logged in all of his details on the app, ofc so we can know how and where the details are stored inside the application. We can't find anything inside that app you have uploaded.

  8. Wow… there is no end to their deviousness. That would be very easy for some ppl to fall for. Although you have to wonder as a seller on any site why you'd need to enter any personal info as they should already know that. Thank you for sharing.👍

  9. His name is Jim Browning, not Mr Bob Vegene, and he lives next door to me at 3 Sailsbury Sq London, and outside his door was a gaming PC with a note: take away for free.

  10. We constantly get gumtree scams.
    Now we ask where they are located, and when they tell us they are in some remote location (step 1 of this type of scam that involves you paying a courier fee) we now say "oh, it's prohibited to sell this item to someone in your state".

  11. I think this is how it works:

    1. Unique number is generated

    2. The APK is compiled on their servers with that specific number hardcoded.

    3. They update their database for that unique number

    4. Once you enter valid credit card details, their server updates their database – for this unique id, the details are obtained.

    When the app starts, it calls their server; if the server says you are already robbed, the app crashes.

    If you don't have internet connection, the app will not start at all.

    Not really that complex 🙂

  12. Being an APK app is a definite red flag for a start. APK apps are not supported by Android; that is why you have to give permission from your phone to download one.
