Fake App Store Campaign Directs Users to Unregulated Gambling Apps, Bypassing Platform Safeguards
What Happened — A coordinated social‑engineering operation dubbed “FriendlyDealer” deployed over 1,500 domains that impersonate the Google Play and Apple App Store interfaces. The sites host web‑apps that appear to install like legitimate mobile apps but actually redirect users to affiliate‑driven online gambling portals. No traditional malware is dropped, but users are funneled into unregulated gambling services without age or deposit controls.
Why It Matters for TPRM —
- Third‑party web properties can masquerade as trusted platforms, undermining vendor due‑diligence on digital supply chains.
- Affiliate‑driven revenue models create hidden financial exposure and reputational risk for organizations whose employees may inadvertently engage with illegal gambling.
- The technique exploits native browser features, bypassing typical mobile security warnings and complicating endpoint monitoring.
Who Is Affected — Consumers worldwide; enterprises with mobile workforces (tech SaaS, finance, media) that allow app installations from personal devices; any organization that relies on third‑party app distribution channels.
Recommended Actions —
- Update mobile device policies to prohibit installations from unknown sources and enforce enterprise‑managed app stores.
- Conduct awareness training highlighting fake app‑store tactics.
- Review contracts with advertising partners to ensure they do not serve malicious affiliate links.
- Deploy web‑filtering rules that block known FriendlyDealer domains and monitor for similar impersonation patterns.
Technical Notes — The kit detects device type and serves a matching fake store UI, leveraging Chrome’s install‑prompt API to display a legitimate‑looking “Installed from Google Play Store” status. All content is driven from a single configuration file, enabling rapid re‑branding of dozens of casino “apps.” No CVEs are involved; the attack vector is pure social engineering and UI spoofing.
Source: Malwarebytes Labs
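One way to monitor for the impersonation pattern described in the Technical Notes, as an added example (not code from Malwarebytes Labs or from the kit): a Python heuristic that flags pages on non-store hosts combining store branding with a web-app manifest or a `beforeinstallprompt` handler, the event behind Chrome's install prompt. The signal list, the two-signal threshold and the sample pages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Genuine store hosts; compared by exact match so look-alike subdomains fail.
OFFICIAL_STORE_HOSTS = {"play.google.com", "apps.apple.com"}
# Heuristic signals (assumptions, not indicators published for the campaign).
BRANDING = re.compile(r"google\s*play|app\s*store", re.I)
MANIFEST_LINK = re.compile(r"<link\b[^>]*\brel\s*=\s*[\"']?manifest\b", re.I)
INSTALL_PROMPT = re.compile(r"beforeinstallprompt", re.I)


def score_page(url: str, html: str) -> dict:
    """Return the impersonation signals found for one fetched page."""
    host = urlparse(url).hostname or ""
    if host in OFFICIAL_STORE_HOSTS:
        return {"host": host, "signals": [], "verdict": "official"}
    signals = []
    if BRANDING.search(html):
        signals.append("store-branding")
    if MANIFEST_LINK.search(html):
        signals.append("web-app-manifest")
    if INSTALL_PROMPT.search(html):
        signals.append("install-prompt-handler")
    # A store badge alone is common on vendor sites; flag only when branding
    # appears together with at least one installability signal.
    flagged = "store-branding" in signals and len(signals) >= 2
    return {"host": host, "signals": signals,
            "verdict": "suspect" if flagged else "clean"}


# Constructed sample pages (not taken from the campaign).
SAMPLES = {
    "https://play.google.com/store/apps/details?id=com.example":
        "<title>Example - Apps on Google Play</title>",
    "https://store-example.invalid/app":
        '<link rel="manifest" href="/m.json"><h1>Google Play</h1>'
        '<script>addEventListener("beforeinstallprompt", e => e.preventDefault())</script>',
    "https://play.google.com.store-example.invalid/details":
        '<link rel="manifest" href="/m.json"><p>App Store</p>',
    "https://vendor-example.invalid/":
        '<a href="https://play.google.com/store">Get it on Google Play</a>',
    "https://pwa-example.invalid/":
        '<link rel="manifest" href="/manifest.json"><h1>Notes</h1>',
}

if __name__ == "__main__":
    for url, html in SAMPLES.items():
        print(score_page(url, html))
```

Run it over HTML captured by a proxy or crawler and treat a "suspect" verdict as a triage lead, since a legitimate installable web app that shows a store badge will also match.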