Phase 1 — Active Development

Crypsis Detection Roadmap

A detection framework prepared for the Indian Cyber Crime Coordination Centre (I4C) — covering fraudulent app detection, malicious ad network analysis, and banned RMG website monitoring.


Fake App Detection Phases

Our systematic approach to identifying and combating fraudulent loan applications — from signature matching to fully automated detection.

01
Currently Active

Signature Matching

Identifying common code signatures, patterns, and identifiers shared across fraudulent loan apps to establish a detection baseline for I4C.

  • Permission pattern recognition
  • Developer metadata correlation
  • Detection via ad distribution mechanisms
  • Scam phone number & contact tracing
02
Upcoming

Extended Detection

Scaling our detection capabilities to identify more fraudulent apps using the signatures discovered in Phase 1, with human review for validation and accuracy.

  • Broad Play Store scanning
  • Human-in-the-loop review
  • Cross-referencing scam databases
  • Building a classifier training set
03
Upcoming

Automated 1-Click Review

Fully automated pipeline — one-click review and evidence extraction. No human intervention required for standard detections.

  • ML-powered classification engine
  • Automated evidence report generation
  • One-click takedown submissions
  • Real-time monitoring dashboard
04
Future

Ecosystem Protection

Proactive defence — continuous monitoring of app stores and social media for new scam app variants before they reach victims.

  • Predictive threat intelligence
  • API for third-party integrations
  • Social media ad monitoring
  • Law enforcement collaboration portal

Distribution Channels

These scam apps are actively promoted through Instagram ads and fake customer care numbers. Below is photographic evidence of their distribution tactics.

Play Store listings of KubiSloan and CreditClimb scam apps

Play Store Listings

KubiSloan & CreditClimb apps displaying fake customer care numbers to lure victims.

Punji Cash fake loan app on iOS App Store

Cross-Platform Presence

Punji Cash scam app on the iOS App Store — multi-platform operations.

inVish, CashLoop, and Rupeeline scam apps on Play Store

Network of Scam Apps

inVish, CashLoop, and Rupeeline — all sharing the same customer care number.

Instagram ad promoting FinVeer scam loan app

Instagram Distribution

Instagram accounts advertising fake loan apps like FinVeer with fraudulent numbers.

Identified Applications

5 fraudulent loan applications currently live on the Google Play Store. APK samples are provided below for I4C's reference.

LoveFund

com.lovefund.lovefund

12.6 MB v1001
Malicious

CreditClimb – Credit Improvement

com.creditclimb.improve.manage

15.6 MB v12
Malicious

FinVeer - Credit Assistant

com.hunter.veer

448 KB v100
Malicious

KubiSloan

com.geoper.mango.kubi

12.9 MB v102
Malicious

CreditVue - Loan Guard

com.creditvue.loanguard.creditguard

5.1 MB v2
Malicious

Scam Call Evidence

Live call recording made to one of the fraudulent customer care numbers advertised by these scam apps. This recording demonstrates their social engineering tactics.

Scam Call Recording

📞 Number: 8101529364 📅 Date: April 6, 2026

Call placed to the "customer care" number advertised on the KubiSloan Play Store listing. The recording exposes the social engineering tactics used by the scam operators.


Intermediary Ad Network Detection

Intermediary ad networks have become partners in crime by letting malicious and fake ads run on their platforms. Our system scrapes, classifies, and packages evidence for takedown.

01
Completed

Keyword-Based Ad Scraping

Users input target keywords. The system scrapes major ad networks (Google Ads, Meta Ads Library, etc.) to discover ads matching those keywords — including short-lived campaigns that vanish quickly.

  • Keyword-driven ad network scraping
  • Innovative scraping for short-lived ads
  • Multi-platform ad network support
  • Unique Library ID assignment per ad
02
Completed

Safety Scoring & Classification

Each scraped ad is run through a classification engine and assigned a safety score. Ads are categorized by risk level and linked to known scam patterns.

  • Automated safety score per ad
  • Risk-level categorisation (low/med/high)
  • Cross-referencing with known scam apps
  • Human review for borderline cases
03
Currently Active

Dashboard & Evidence Packaging

Classified ads and their scores are displayed on a searchable dashboard. Complete evidence packages are generated for easy takedown requests.

  • Interactive results dashboard
  • Evidence packaging for LEA takedowns
  • Ad history & timeline tracking
  • Export reports in standard formats
04
Future

Real-Time Ad Monitoring

Continuous, automated monitoring of ad networks for new malicious campaign variants. Instant alerts when new scam ads are detected matching known patterns.

  • Always-on ad network crawlers
  • Instant alert system for new scam ads
  • Cross-platform social media coverage
  • Central repository integration

Banned Website & RMG Detection

Our website detection engine scrapes for sites similar to already banned websites — including Real Money Gaming platforms — that could become active at any moment or may have escaped takedown orders.

01
Currently Active

Seed URL & Keyword Scanning

Starting from seed URLs or keywords, the engine checks if a website belongs to any banned category using known data points and classification rules.

  • Seed URL and keyword input system
  • Banned category matching engine
  • Instant classification of known clean URLs
  • Data point collection from suspect sites
02
Planned

Recursive Discovery

Recursively searching across top search engines and Telegram for more linked websites. Discovers unindexed sites and expands detection coverage automatically.

  • Recursive search across search engines
  • Telegram channel & group scraping
  • Discovery of unindexed & hidden websites
  • Comprehensive data enrichment pipeline
03
Planned

ML Classification & Clustering

All collected data points are fed through ML classification models. Websites are clustered by operator, infrastructure, and content similarity for coordinated takedowns.

  • ML-based website classification
  • Infrastructure clustering analysis
  • Section 69A classification assistance
  • Browser extension for live protection
04
Future

Automated Takedown & Evidence

Complete evidence packages tuned for Section 69A takedowns, with actionable insights for law enforcement. Continuous monitoring ensures takedown targets don't re-emerge.

  • Complete evidence packager for LEAs
  • Section 69A classification integration
  • Re-emergence detection system
  • Central repository for all signals

Contact Us

Reach out to the Crypsis team for more information about detected applications or to share leads on fraudulent apps.

Aryan Kalra

Crypsis — Founder