March 16, 2016 at 12:38Sports Betting Fraud
The social network “VKontakte” has turned into a real trading platform, of course, scammers do not miss the opportunity to earn money and come up with new ways to deceive unsuspecting users. I will consider the method that has been used for more than six months and tell how scammers manage to convince an ordinary user to buy a password from the archive with a known result of the match. In order to gain user trust, the fraudster publishes something like the following:
By link - a program with an interface in the winrar style. I came across 2 such "archives", with the only difference being that one is written in Delphi and the other in C #
First:
MD5: 4268f3ee48ffdb8e2f15a425db1698f1 | VirusTotal
I can’t imagine how it could have been done for mass distribution and I am even more surprised how people are doing this! Well, okay, let's open the program in IDR and we can observe the following:
Here a list of passwords is created for subsequent verification, as a result, depending on the password, the match result is saved in a text file:
The second sample is much more interesting:
MD5: df307eadcf17025abfdd0a1780f4b1e0 | VirusTotal
Here the design is much better and the functionality is not inferior, even there is a password conversion:
Everything is simple, take the password from the source for example: rtfgyudf , do the reverse conversion and get: rtyufgdf
As you can see, scammers invent new ways of cheating, be careful and don’t see this!