Recently, we discovered a class of social engineering scams exploiting users’ trust in Google Play and Apple App Stores to distribute illegal gambling mobile apps. Our initial analysis indicates hundreds of ongoing scams that have gone undetected since last year. We recommend that Google and Apple proactively find and take down these scams to protect users.
Harms of illegal gambling
Illegal gambling is a multi-billion-dollar business. Illegal online casinos and sports betting target kids as young as 10 years old [BBC, MassGov]. Gambling on blood sports such as dogfighting and cockfighting promotes animal abuse.
In most countries, gambling is regulated to reduce harm to society. In the United States, gambling is illegal for young people under 18, and yet by the time students reach high school, 60-80% report having gambled at least once in the past 12 months [MassGov]. Teens who gamble are more likely to use illegal drugs, and, among all addictions, gambling is linked to the highest suicide rate [MassGov].
In other countries such as Indonesia, most gambling is illegal [Reuters]. However, government figures show around 3.7 million Indonesians engaged in it last year, placing more than $20 billion in bets [JakartaPost].
Role of social engineering
Gambling often begins innocently. In the world of illegal online gambling, operators use social engineering attacks to hook users. Once hooked, users can quickly become addicted to gambling.
Google Play and the Apple App Store are the two most popular mobile app marketplaces. With billions of users and 3+ million mobile apps, the two marketplaces are highly trusted by users. Because of this high level of trust, they are prime targets for social engineering scams by illegal gambling operators.
Exploiting Play users
In this scam, a user is led to believe that they are installing a legitimate app from the official Play Store. In reality, they are installing a malicious illegal gambling app. Let’s consider an example.
Looking at Figure 1, a user may see an online casino app called Rush77 in the official Play Store. Furthermore, it appears that the app has been downloaded 10+ million times and has millions of 5-star reviews. However, this is a social engineering scam; the app is being downloaded from a website that is a copycat of the official Play Store website. In other words, it is a phishing website targeting Google Play.
When the user clicks ‘Install,’ the website downloads and installs an apk file called bonus777_id5_ntla86.apk. This scam website was created on September 10, 2024. It was blocklisted on January 25, 2025, after we informed Google Play about this website. As seen in Figure 2, the Firefox browser shows a “Deceptive site ahead” warning when a user tries to visit the website.
Although this website was blocklisted by Google, there are many more similar scams. Figure 3 shows a GIF of another illegal gambling app scam. This website was created on March 21, 2024; hence, it has gone undetected for more than 10 months. It was live as of January 27, 2025.
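As an added illustration (not code from the original post or from Eydle), the Python heuristic below flags a fetched page that reproduces store-listing branding, such as the download count and star rating described above, and offers a direct .apk download from a host that is not an official store. The host allow-list, brand tokens, placeholder hostname and sample page are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Hosts that legitimately serve the two official stores (assumption: illustrative
# allow-list; a deployment would maintain the full set).
OFFICIAL_STORE_HOSTS = ("play.google.com", "apps.apple.com")

# Brand tokens an impersonating hostname tends to borrow (constructed list).
BRAND_TOKENS = ("google", "play", "apple", "appstore", "app-store")

# Listing text a copycat page reproduces: store name, "10M+ downloads" style
# install count, and star rating, as on the Rush77 listing described in the post.
STORE_BRANDING = re.compile(r"google play|app store|\d+[MK]\+\s*downloads|5-star", re.I)
# Direct Android package downloads; the official store never links raw .apk files.
APK_LINK = re.compile(r"""href=["']([^"']+\.apk)["']""", re.I)


def is_official_host(host):
    """True only for an official store host or one of its subdomains."""
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_STORE_HOSTS)


def analyze_page(url, html):
    """Score one fetched page for copycat-store indicators; returns a dict."""
    host = (urlparse(url).hostname or "").lower()
    official = is_official_host(host)
    apk_links = APK_LINK.findall(html)
    branding_hits = STORE_BRANDING.findall(html)
    reasons = []
    if not official:
        if branding_hits:
            reasons.append("store branding served from non-store host")
        if apk_links:
            reasons.append("direct .apk download outside the store")
        if any(t in host for t in BRAND_TOKENS):
            reasons.append("store brand token in hostname")
    return {
        "host": host,
        "official": official,
        "apk_links": apk_links,
        "branding_hits": len(branding_hits),
        "reasons": reasons,
        "suspicious": bool(reasons),
    }


# Constructed sample mimicking the listing described in the post (placeholder host).
SAMPLE_URL = "https://play-google-store.example/store/apps/details?id=rush77"
SAMPLE_HTML = """
<title>Rush77 - Apps on Google Play</title>
<p>10M+ downloads</p><p>4.9 5-star rating</p>
<a class="install" href="/dl/bonus777_id5_ntla86.apk">Install</a>
"""

if __name__ == "__main__":
    print(analyze_page(SAMPLE_URL, SAMPLE_HTML))
```

A page on an official host is never flagged here, so the allow-list must be exact: a lookalike such as play.google.com.evil.example does not pass the suffix check.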
Targeting Apple users
This attack is not limited to Google Play users. Illegal gambling operators are also targeting users of the Apple App Store. Figure 4 shows an example. This phishing website was created on December 9, 2024. It was live as of January 27, 2025.
Threat assessment
The examples we discussed download and install illegal gambling apps on the user’s device. The official Play and App Stores prevent users younger than 18 from downloading gambling apps. However, because the app is downloaded from an unofficial website, underage users can download it. Like traditional phishing attacks, these websites can steal users’ login credentials and install malware on the user’s device.
Our initial analysis found tens of attacks, which have gone undetected since early 2024. These attacks use websites that look very realistic, with exact look-alike text, logos and high-resolution images. The level of impersonation is high. In our experience, when attacks are regularly detected and taken down, the level of impersonation drops drastically, because the attackers want to avoid being detected. Based on the level of impersonation and the time period these attacks have gone undetected, we predict there may be hundreds of ongoing attacks.
Protecting users
We have informed Google Play of these attacks; we did not receive any response. We recommend that Google and Apple proactively find and take down these attacks to protect users from the harms of illegal online gambling.
To protect users, we submitted these websites to PhishTank, a collaborative clearing house for phishing websites. Data from PhishTank powers website blocklists. Browsers such as Firefox will display a “Deceptive site ahead” warning if a user visits these websites.
About Eydle
The Eydle Scam Protection platform helps enterprises proactively identify and take down scams that target customers and employees. To learn more, visit our website. For questions regarding the blog post, email [email protected].