Over the years I've sold a good number of things on Gumtree, and recently I placed a gaming PC for sale. If you're not familiar with Gumtree, it's a little bit like Craigslist: you can buy and sell stuff locally, but like Craigslist it's wide open for scams, and the advice is always to see the goods you're about to buy, and when it comes to selling, ensure that you get payment upfront. So when I got a text to my mobile phone offering me some prepayment I was very suspicious, and when I looked closer it wasn't the Gumtree site at all; it was gumtree.cc rather than gumtree.com. The URL had a unique number on the end, but it wasn't the same as the sale's number that I'd used on the proper Gumtree site. So when I spotted this I thought this was going to be a pretty standard phishing scam, but instead, when I followed the link, I uncovered a very sophisticated scam. Critical alert! Oh my gosh.

The text I received contained my first name, so obviously they'd harvested some data, but I was really surprised to see, when I clicked the link, that my real advert appeared. I was expecting just some form to ask me for my credit card details, but no, this really was my advert, with the words "Receive payment" at the bottom. As I scrolled down it told me that I had received the full asking amount of 400 pounds and that the funds were charged via the "secure transaction service", something I'd never heard of. To continue I just needed to click the continue button. This was all in the right font and with the right logos for Gumtree, so it looked pretty convincing so far. There were even some genuine Gumtree links to talk about internet safety. There was a description of what a secure transaction was, but it was pretty vague, so I just clicked the continue button. At that point I was expecting to see a pretty standard phishing form, but no, this time it was asking me to download an application. The application was named gumtree.apk, which is a pretty standard package for an Android phone. These scammers have gone out of their way to create both an Android and an iOS application which would have been downloaded to my phone.

The normal advice is to only ever download and run something from the Google Play Store in the case of Android, or the Apple Store for iOS devices, just to safeguard against this. This is obviously a fake Gumtree app, and we'll have a look at what that actually does. I definitely didn't want to sacrifice my real mobile phone; goodness only knows what the application did. So I downloaded something called BlueStacks. BlueStacks is an Android emulator which will allow me to try out this APK file without risking my phone. When I had it installed I tried out the URL that had been texted to me by the scammer, but by this stage the whole domain seemed to be off air. However, I had saved a copy of the APK file, so I copied this from my phone to the emulator. Now that it was installed, it was time to run it and see what it was actually doing. When I double-clicked it, it automatically rotated the screen so that it was in portrait mode. It was then prompting me to log in to this fake Gumtree. The only options open to me were to sign in with Google or to use my phone number. I tried the sign-in with Google first and it did nothing whatsoever. It seemed that the only thing I could do was to type in a phone number, and my initial thought was, probably any phone number will do if this is a bog-standard phishing site, so I initially tried a few random ones without fully completing it, and I thought I'd be able to log in. But no, it wouldn't accept this as a login. I tried once again to sign in with Google and again it wouldn't let me. It seemed the only thing I could do was to use a mobile phone number. I tried another random phone number, thinking that I might have got the number of digits wrong, but again this time around it wouldn't let me log in. And then it dawned on me: these guys were more sophisticated than I thought. They had my real name, they knew my mobile phone number, they had a copy of my advert; chances were, for this version of the application, I would have to use my real mobile phone number. And sure enough, when I tried the real thing, it did let me log in.

It presented me a screen to tell me that a payment had been received, but I had to confirm it within 16 hours and the clock was ticking. It seems that I would have to confirm the order if I didn't want it to be cancelled. So, still curious as to what would be next, I clicked the confirm order button. I was running Wireshark this whole time, so anything that it was contacting I would be able to trace. And, not surprisingly, it said that there was an error and that bank details were not available; seemingly I had to add a card before I could proceed. And this is the crux of the scam: they ask for card details and they claim that they will deduct just one penny to prove that the card's mine. Although it claims that it's going to be deducting one penny, it's very likely that this app is specifically designed to remove thousands of pounds from anyone who types credit card details into these fields. I had Wireshark running and I was looking at which server it was talking to whilst I was typing information into these fields. It looks like a UK server, and it's a Microsoft Azure cloud server. I filled in the fields with some fake information. I had a credit card number of the right format, so the validator should have worked; I gave it a fake name and then I typed in the month of expiry of this card and the CVV. However, the validation was not brilliant for the month, because although I'd typed 04/21 it expected a space between the four and the slash, so it took me a couple of goes before I could get this form to actually validate. When I finally did get the space character right in the month, eventually the form did accept my card and I was able to supposedly make a payment. It's obviously doing some sort of validation, because it took a while before it prompted me for yet more information. This time it was asking me for more personal information by way of name, surname, address, city and postcode.

I populated this with some fake information. The app could have done with some better validation, because there wasn't enough room in the address field to complete a full address. However, I was able to submit what I had. Finally, when it had captured all of this personal information, I was given a confirmation order and told that a check was in progress and I should await activation of my account. The final "check the application status" button didn't seem to do very much; when I clicked it, all it did was say a check was in progress and I should still wait. I presume I would be waiting forever. Some time later, out of curiosity, I decided to see if the app would let me put in these personal details once more, so I deleted the app off my desktop and re-copied it. However, this time when I tried to run the app again, it did nothing but crash out. It seems that whoever created this app deliberately constructed it so that you could only type these details once, and then it wouldn't lend itself to any further analysis. This has definitely been one of the most sophisticated apps and scams that I've seen in quite a while. The app itself has been tailored, or at least adverts have been copied from the original Gumtree, so that it appears to be a real app, and because it's been designed to only run exactly once, the people behind the app are more sophisticated than your average cyber criminal. I've left a link to the APK file which I downloaded, and perhaps others here who are more used to analysing what these apps do could maybe have a look at it, and please get back to me with your analysis; I'd love to hear what you think. I regularly create videos on scams, so if you'd like to see more, there are ways that you can help me. There's a link here to my Patreon channel, and if you're a three-dollar-or-more subscriber you'll see lots of exclusive content which is only available to my patrons. You'll also be the very first to see any new videos. I'm also on Twitter at JimBrowning11, and once again, thanks for watching my video.
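The first tell in the video is the domain: the text pointed at gumtree.cc, not gumtree.com, with a genuine-looking advert number on the end. A small script that pulls URLs out of an SMS and compares the registrable domain against the real one is the kind of check a defender can automate for a brand they protect. The code below is an added example and is not from the video or from Gumtree; the legitimate domain gumtree.com and the lookalike gumtree.cc come from the video, while the sample message and the advert number 123456 are constructed placeholders. It goes a little beyond the case in the video by also flagging hosts that merely embed the brand name, such as gumtree.com.secure-pay.example.

```python
import re
from urllib.parse import urlparse

# Legitimate domain as stated in the video; the phishing text used gumtree.cc instead.
LEGIT_DOMAINS = {"gumtree.com"}
BRAND = "gumtree"

# Matches http(s) URLs inside free text such as an SMS body.
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)


def registrable_domain(hostname: str) -> str:
    """Reduce a hostname to its last two labels, e.g. 'pay.gumtree.cc' -> 'gumtree.cc'.

    Simplification: multi-part public suffixes such as .co.uk are not handled;
    a public-suffix list would be needed for that in production.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname.lower()


def classify_url(url: str) -> str:
    """Classify a URL as 'legitimate', 'lookalike' or 'unrelated' relative to the brand."""
    host = urlparse(url).hostname or ""
    if registrable_domain(host) in LEGIT_DOMAINS:
        return "legitimate"
    # Strip separators so 'gum-tree.cc' and 'gumtree.com.example' are both caught:
    # the brand name appears somewhere in a host that is not the real domain.
    if BRAND in host.lower().replace("-", "").replace("_", ""):
        return "lookalike"
    return "unrelated"


def scan_message(text: str) -> list:
    """Return (url, verdict) pairs for every URL found in a message."""
    results = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop sentence punctuation glued to the URL
        results.append((url, classify_url(url)))
    return results


if __name__ == "__main__":
    # Constructed sample message modelled on the one described in the video;
    # the advert number 123456 is a placeholder, not the real one.
    sms = ("Hi Jim, a buyer has prepaid for your gaming PC. "
           "Receive payment: https://gumtree.cc/ad/123456.")
    for url, verdict in scan_message(sms):
        print(verdict, url)
```

The "lookalike" verdict is deliberately broad: anything carrying the brand name outside the real registrable domain is flagged, which catches both the gumtree.cc case from the video and the common trick of putting the real domain in a subdomain of an unrelated site. Internationalised homoglyph domains are not covered by this check and would need a separate comparison after IDNA decoding.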
With the amount of effort needed to put this scam together, you might as well get a job.

Here is the APK file as a zip and the DEX file converted into readable Java classes for anyone who can be bothered to check the code. I'm gonna pick through it tonight for fun though.

