Sports Betting Fraud

imageThe social network “VKontakte” has turned into a real trading platform, of course, scammers do not miss the opportunity to earn money and come up with new ways to deceive unsuspecting users. I will consider the method that has been used for more than six months and tell how scammers manage to convince an ordinary user to buy a password from the archive with a known result of the match.

In order to gain user trust, the fraudster publishes something like the following:

image

By link - a program with an interface in the winrar style. I came across 2 such "archives", with the only difference being that one is written in Delphi and the other in C #


First:
MD5: 4268f3ee48ffdb8e2f15a425db1698f1 | VirusTotal

image

image

I can’t imagine how it could have been done for mass distribution and I am even more surprised how people are doing this! Well, okay, let's open the program in IDR and we can observe the following:

image

Here a list of passwords is created for subsequent verification, as a result, depending on the password, the match result is saved in a text file:

image


The second sample is much more interesting:
MD5: df307eadcf17025abfdd0a1780f4b1e0 | VirusTotal

image

image

Here the design is much better and the functionality is not inferior, even there is a password conversion:

image

Everything is simple, take the password from the source for example: rtfgyudf , do the reverse conversion and get: rtyufgdf

As you can see, scammers invent new ways of cheating, be careful and don’t see this!

Also popular now: