Think you’re downloading from Google or Apple? 1,500+ fake app store sites look like the real thing, but push unvetted, cloned web-based casino apps.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

A large-scale social engineering campaign called FriendlyDealer has been identified operating across 1,500+ domains that impersonate the Google Play Store and Apple App Store. The campaign uses a single reusable kit that detects the user's device and displays a convincing fake app store page, then tricks users into installing Progressive Web Apps (PWAs) disguised as gambling apps. The kit abuses Chrome's PWA install prompt on Android so no 'unknown sources' warning appears. Once installed, the fake app redirects users to unregulated casino sites via affiliate links, earning commissions when users sign up or deposit money. The operation does not steal credentials or install traditional malware — it profits entirely from gambling affiliate payouts. Code artifacts including Russian-language comments and Yandex Metrica integration suggest a Russian-speaking development context. Remediation steps for both Android and iOS are provided, along with indicators of compromise.

FriendlyDealer mimics official app stores to push unvetted gambling apps

One kit, dozens of apps, built to mimic real app stores

Follow the money: affiliate commissions, not malware

What to do if you installed one of these apps