A detailed threat intelligence analysis of a trending Turkey-based SuperApp and virtual card provider, and of how cyber-crime enablers fly under the radar!
In this blog post, we will touch on multiple topics, including but not limited to how and why this trend was investigated in the first place. We will also set the right context on the subject and build a deeper understanding of how cyber-crime enablers fuel the underground cyber-crime economy and its campaigns.
Additionally, it is worth highlighting that the whole CTI and cyber security community is busy with threat hunting and with detecting and blocking ransomware and information-stealer malware, which is a reactive approach. Meanwhile, the cyber-crime enablers usually fly under the radar and help fuel more malicious campaigns.
Disclaimer: This report is shared in the spirit of helping to understand the cyber-crime economy better and to investigate the root cause. It expressly declares that it does not intend to cause any harm or damage to, or negatively impact, any brand or financial institution.
Overview of Content
- Trend (6 months) and monetization on RU cyber-crime forum
- About Ozan Super App
- Observations from OSINT
- Ending Notes
Ozan SuperApp discussions on Cyber Crime forum
Analyzing the trend on the cyber-crime forum between Oct. 2022 and May 2023, a total of 64 advertisements were discovered, with prices as low as $10–20 USD.
The advertisements offered the following:
- Identity- and KYC-verified accounts, Super Plus Plan accounts
- Accounts linked with eSIM from Turkey-based Telecommunication providers
- Turkey-based bank accounts
- Attached virtual cards capable of conducting transactions on Mastercard and VISA, including 3DS
After reading the offering, it is safe to assume the associated accounts can be monetized or used in the following ways:
- Replenishing funds on popular advertisement services to conduct malvertising.
- Payment on third-party services to obtain premium and commonly used products. While the list is endless, the payment can be made to email/SMS marketing, hosting services, subscriptions to big data and analytics platforms, mass message sending services, etc.
- Money laundering
Note: The monetization methods are deduced from historical activity and abuse of similar services. It is highly suggested to conduct a detailed investigation of the BIN numbers and IBAN numbers associated with Ozan SuperApp for fraudulent transactions.
Now that we have gone through the advertisements and possible monetization methods, let’s talk more about the subject company, Ozan Super App, and what the company's description on its website's About Us page, search engines and Google Play Store reviews have to say about the offering and service.
About Ozan Super App
Ozan Super App is a Turkey-based company that offers a SuperApp to conduct financial transactions, play games and earn cashback by using the service through Android and iOS apps. It is worth noting that the app is primarily offered in the Turkish language and there are campaigns in Turkey.
The Google Play Store displays a total of 100,000+ installs with a rating of 3.8 and 2,400 reviews. (Ref: Google Play link)
List of features offered when you sign up for the app:
- Opening an account in seconds
- Sending and receiving money fee-free
- Creating a virtual SuperCard
- Register your physical SuperCard to your account
- Earn instant cashback with every spend
Analysis: Offerings, Identity Verification, KYC & Limitations
In order to better understand the service and verification process, there is no better place to visit than the FAQ section or Privacy page of the website, but apparently upon visiting you are greeted with a 404.
Searching on your favorite search engine will lead to the Reddit page for Ozan SuperApp (Ref: Click Here), which does have a detailed FAQ.
The privacy page on the website mentions what data is collected for KYC and identity verification of the user:
- a photo of yourself holding your identity card; and/or
- a scan of your passport chip (if you are using an Android phone and have a biometric passport).
- Facial recognition technology is used to match the photo on the ID card.
Key Observations from Reddit
In this section, we shall delve into analyzing posts from Reddit to gain a better understanding:
- Verification without a Turkish ID is possible using a passport
- Top-up limit for other currencies is 10,000 Euros (€)
- A physical card can be obtained from offline stores such as Carrefoursa, Teknosa, and D&R and online stores such as Trendyol, Hepsiburada, n11.com.
- There is a free limit of 10 virtual cards; after paying 1 Turkish Lira or 0.051 United States Dollar, unlimited virtual cards can be created.
- A comment from a disgruntled user awaiting verification adds “If, There is no more verification for users from Russia”.
- A comment suggests that only Turkish numbers work for registration
Ending Notes
The purpose of this quick, choppy, summarized investigation was to highlight:
- Discovering trends in cyber-crime discussion places will help CTI researchers proactively mitigate the indirect threats associated with their organization and clients.
- Understanding the bigger picture helps in delivering the right context and relevance to proactively block future threats.
- Reading a website's FAQ and privacy policy sections helps a lot in developing hypotheses about the KYC/verification process and other process-related flaws that can be abused by cyber criminals.
- Cyber criminals target and choose services which are not popularly known. Hence, keeping up to date on new services advertised globally is a must.
- Data analysis and scraping skills help you collect and analyze content at an individual level to discover the bigger picture. (You can use ChatGPT ;) too)
- Keeping in mind that cyber-crime is ever evolving, taking care of mental and physical health is equally important to perform at a top-notch level.
Until next time!