How 2 fake Kerala lottery apps on Google Play Store lured many and got caught

By Pihu Yadav  Nov 15, 2022 8:55:32 PM IST (Updated)

Both the scam applications have over one million downloads and were found impersonating the Online Kerala lottery which operates in offline mode only.

Two applications, Kerala Lottery Online and India Kerala Lottery, that impersonated the Directorate of Kerala State Lotteries were recently discovered by CloudSEK’s contextual AI digital risk platform XVigil.

These applications would lure people into buying lottery tickets online. Threat actors used referral links to spread their campaigns. To appear legitimate, they impersonated government entities and created fake advertisements from accounts having over 200,000 followers on major social media platforms.

CloudSEK researchers found that both applications, ‘Kerala Lottery Online’ and ‘India Kerala Lottery,’ displayed the same privacy policy but operated under different names. Upon analysis of these two applications, the following email addresses were listed as the developer’s contact: OnlineKeralaLotto@gmail.com and sanjaykhankerala@gmail.com. This indicated that the apps were not being operated by the government entity.

Both the applications hosted on Google Play Store have over one million downloads and were found impersonating the Online Kerala lottery, which operates in offline mode. Logos of the Directorate of Kerala State Lotteries, National Informatics Centre, and Kerala State were used by the makers of the dubious apps.

The Kerala lottery department said the state sells only paper lottery tickets and prohibits online sales.

The fake applications would ask for several permissions, and notable among them was the request to install packages (install other applications on one’s device).

The research showed a strong connection between the applications developed in this campaign and previous campaigns targeting (now banned) Instant Loan Apps. In both campaigns, ‘h5.domainname.tld’ was used to host important content of the website, which meant that either the same group of threat actors was behind both or the same SDK was being used to create and launch such campaigns.

Threat actors have reportedly used a referral programme to spread their apps. There were multiple Telegram groups, YouTube videos, Facebook and Twitter posts promoting the scam applications.

On the landing page of the referral link, the threat actors stated that 5 percent of the winning amount would be shared with all the users of the referral link, along with a free entry/ticket to the lottery.

YouTube videos explaining the entire installation and usage procedure for the application were also found. A referral link was also shared by the video uploader in the description of the video. The video explains a different international lottery game but has a referral link to this campaign.

Fake profiles on Facebook, using photos of Hollywood actors, are being created and used to advertise the application. The Twitter account promoting the application has 200,000-plus followers, and has been promoting this application for over six months.
