iGamingNews – новости iGaming

Fraudulent FriendlyDealer Network Mimics App Stores

Cybersecurity company Malwarebytes identified the fraudulent FriendlyDealer network, which uses fake Google Play and App Store pages to redirect users to unregulated online casino sites.

How the FriendlyDealer scheme works

The network operates as a social engineering campaign aimed at convincing users that they are installing a legitimate application from an official store.

In reality, the user remains on a website and installs a web application that then redirects them to casino offers via affiliate links.

Fake app stores

The scheme includes at least 1500 domains, each of which mimics the interface of Google Play or Apple App Store.

Users see familiar design elements, reviews, and interface components, but are actually interacting with a third-party website.

Fake applications and brands

The network includes at least 20 fake applications under different names.

Among them are Tower Rush (189 deployments), Chicken Road (97), Beast Games: Ice Fishing (43), as well as apps imitating the Revolut brand and the Gates of Olympus slot from Pragmatic Play.

Interface imitation

FriendlyDealer adjusts the display based on the user’s device.

On Android, a fake Google Play store is shown, while on iPhone a fake Apple App Store is displayed with matching fonts and styling.

Installation mechanics and PWA

When the “Install” button is clicked, the app is not downloaded directly.

Instead, a progressive web application (PWA) is created, which appears as a regular app on the device.

PWA behavior

The PWA receives its own icon, launch screen, and can run in the background using service workers.

The system also checks whether the app is already installed and, if detected, immediately redirects the user to the casino site.

Payment model and affiliate commissions

The network does not steal passwords or distribute malware.

Revenue is generated through affiliate commissions for user registrations and deposits.

According to Malwarebytes, payouts range from $50 to $400 for each user who makes a deposit.

Operational algorithm

The campaign uses purchased advertising traffic, device detection, fake app store presentation, and subsequent redirection to casino platforms.

This creates a chain where each step leads to an affiliate reward.

Code structure and reuse

FriendlyDealer is built as a single toolkit that allows rapid creation of new websites and app variants.

Changing a single configuration file enables the launch of new casino brands within minutes.

Code contents

The source code contains comments in Russian and integration with Yandex Metrica.

These elements may have been inherited from reused or previously acquired code.

Data collection and analytics

Each domain sends data to a central collection server — ihavefriendseverywhere[.]xyz.

The transmitted data includes browser parameters, language, time zone, advertising identifiers, and device information.

Telemetry and errors

The system logs JavaScript errors and sends them to the server along with timestamps and context.

If the connection is interrupted, the data is stored locally and sent later once connectivity is restored.

Advertising and tracking

The toolkit includes integrations with advertising platforms such as Google, Yandex, Facebook, and TikTok.

Advertising identifiers and tracking pixels are also used to monitor user actions.

Affiliate networks

Each user action is linked to a unique identifier used in analytics and offer routing.

This enables tracking of the user journey from click to registration and deposit.

User interaction mechanisms

Users may receive push notifications after granting permission.

These notifications are used as an additional channel to bring users back to the platform.

Device behavior

The system detects the user’s device and adapts the interface for Android or iOS.

It also uses redirection mechanisms to open the page in the appropriate browser, such as Chrome or Safari.

Distribution characteristics

Each domain functions as a separate entry point but uses the same underlying template.

By modifying the configuration, a new website with a different casino brand can be launched.

The algorithm combines advertising traffic, fake app store interfaces, and affiliate links for monetization.