Both the scam applications have over one million downloads and were found impersonating the Online Kerala lottery which operates in offline mode only.
Two applications that impersonated the Directorate of Kerala State’s lotteries — Kerala Lottery Online and India Kerala Lottery — were recently discovered by CloudSEK’s contextual AI digital risk platform XVigil.
Recommended ArticlesView All
World Cancer Day 2023: Early detection is crucial for reducing the global burden
Feb 4, 2023 IST5 Min(s) Read
World Cancer Day 2023: A way forward to better management of cancer this year!
Feb 4, 2023 IST6 Min(s) Read
Pakistan economy at alarming level as foreign reserves drop to $3.1 billion from $16.6 billion in a year
Feb 3, 2023 IST3 Min(s) Read
FM Nirmala Sitharaman speaks on inflation, taxes, GDP and more. Read the full interview here
Feb 3, 2023 IST37 Min(s) Read
These applications would lure people into buying lottery tickets online. Threat actors used referral links to spread their campaigns. To prove legitimacy, threat actors impersonated government entities and created fake advertisements from accounts having over 200,000 followers on major social media platforms.
Both the applications hosted on Google Play Store have over one million downloads and were found impersonating the Online Kerala lottery, which operates in offline mode. Logos of the Directorate of Kerala State Lotteries, National Informatics Centre, and Kerala State were used by the makers of the dubious apps.
The Kerala lottery department said the state sells only paper lottery tickets and prohibits online sales.
The fake applications would ask for several permissions, and notable among them was the request to install packages (install other applications on one’s device).
The research showed a strong connection between the applications developed in this campaign, and previous campaigns targeting (now banned) Instant Loan Apps. In both campaigns, ‘h5.domainname.tld’ was used to host important content of the website, which meant that the same group of threat actors or the same SDK was being used to create and launch such campaigns.
Threat actors have reportedly used a referral programme to spread their apps. There were multiple Telegram groups, YouTube videos, Facebook and Twitter posts promoting the scam applications.
On the landing page of the referral link, threat actors could be seen mentioning 5 percent of the winning amount to be shared with all the users of the referral link and a free entry/ticket to the lottery.
YouTube videos explaining the entire installation and usage procedure for the application were also found. A referral link was also shared by the video uploader in the description of the video. The video explains a different international lottery game but has a referral link to this campaign.
Fake profiles on Facebook, using photos of Hollywood actors, are being created and used to advertise the application. The Twitter account promoting the application has 200,000-plus followers, and has been promoting this application for over six months.