ScamShield - Multi-Agent Fraud Detection

Created by team NYX Sec on June 12, 2026
Regulated & High-Stakes Workflows, Multi-Agent Software Development

Central Asia, particularly Uzbekistan, has seen an unprecedented surge in financial fraud, phishing, and social engineering through messaging apps like Telegram and WhatsApp. Scammers use localized social engineering in Uzbek and Russian, craft typo-squatted domains mimicking real banks, and distribute manipulated transaction screenshots or malware-laced files. Ordinary citizens have no automated way to verify suspicious content in real time.

ScamShield is a distributed, multi-agent fraud detection system built on the Band SDK. Instead of relying on one general-purpose model, four specialized agents collaborate inside a Band chat room:

- ScamShield Coordinator receives the user's request, delegates sub-tasks to the right specialist agents, and synthesizes their findings into a final structured verdict (risk level, fraud probability, plain-language explanation).
- Vision Agent inspects images and screenshots for editing artifacts, mismatched fonts, forged bank templates, and visual manipulation.
- Stego Agent runs a production-grade forensics engine performing nine concurrent checks: LSB steganography detection, histogram analysis, appended-data detection, entropy scoring, Word macro extraction, PDF JS detection, archive scanning, CTF-flag extraction, and threat-keyword matching.
- Text Agent analyzes message text and URLs for phishing patterns, urgency tactics, punycode attacks, and typo-squatting against known Uzbek bank domains.

Agents are registered as independent Remote Agents on Band and communicate inside a shared Chat Room. The Coordinator reasons over incoming messages with a local LLM, decides which specialist(s) to delegate to, and the corresponding agent(s) respond inside the same room: real agent-to-agent collaboration, not a single hidden function call.

In live testing, a phishing message referencing "kap1talbank.uz" was correctly flagged: CRITICAL risk, 98% fraud probability, with a clear explanation of the typo-squatting domain and social-engineering tactics used.
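The punycode and typo-squatting checks attributed to the Text Agent can be sketched as below. This is an added example, not ScamShield's own code; the allowlist, the character-folding table, the edit-distance threshold of 2, and all function names are assumptions.

```python
import re
import unicodedata

# Constructed allowlist. "kapitalbank.uz" is assumed to be the brand imitated
# by the page's "kap1talbank.uz" sample; "examplebank.uz" is a placeholder.
KNOWN_DOMAINS = ("kapitalbank.uz", "examplebank.uz")
# Look-alike characters folded to one canonical letter (digits, l/i, Cyrillic).
FOLD = str.maketrans("013l5аеорскіу", "oieisaeopckiy")
HOST_RE = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[\w-]{2,})")

def to_unicode(host):
    """Decode xn-- (punycode) labels so hidden homoglyphs become visible."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # keep the raw label if it does not decode
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    # Two hosts with the same skeleton are visually confusable.
    return unicodedata.normalize("NFKC", to_unicode(host)).translate(FOLD)

def edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return (verdict, imitated_domain) for one host name."""
    host = host.lower().rstrip(".")
    if host in KNOWN_DOMAINS:
        return "known", host
    for known in KNOWN_DOMAINS:
        if skeleton(host) == skeleton(known):
            return "lookalike", known   # homoglyph, digit swap or punycode
        if edit_distance(skeleton(host), skeleton(known)) <= 2:
            return "typosquat", known   # threshold is an assumed tuning value
    return "unlisted", None

def scan_message(text):
    """Classify every host name found in a message."""
    return {h: classify(h) for h in HOST_RE.findall(text)}
```

An exact allowlist match is checked before any fuzzy comparison, so a bank's real domain is never reported as an imitation of itself.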
