Brand names lure users into casino PWAs

Scammers are using fake Google Play Store pages and paid social media adverts to push gambling-linked Progressive Web Apps, exploiting consumer trust in well-known retail, banking and streaming brands.

The campaign uses polished advertisements on platforms including Facebook, Instagram, Threads and TikTok, with some creatives carrying simple “Brand Slots” labels and others mimicking official product launches. The adverts borrow logos, colour schemes, app-style layouts and fabricated testimonials to suggest that household names have entered the online casino market. Several versions have used brand references including Tesco, Amazon, Monzo, Revolut and global entertainment services.

The fraud route is designed to look familiar. A user who taps an advert is taken to a scam-controlled page that imitates a Google Play listing, an Apple App Store page or a branded promotional site. The “Install” button does not download a vetted app from an official marketplace. Instead, it triggers a browser prompt that adds a Progressive Web App to the device home screen. Once installed, the icon and title can appear similar to a native app, while the underlying service opens a third-party casino site.


Cybersecurity researchers tracking the campaign say the operation appears to be affiliate-driven. Tracking codes embedded in landing pages and launch URLs can attribute sign-ups, deposits and other user actions to the traffic source. Publicly advertised gambling affiliate programmes often offer payouts to promoters when users register or deposit money, giving fraud operators a financial incentive to invest in convincing advertising, repeated domain registration and rapid rebranding.
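For analysts triaging a suspected landing page, the two traits described above (a brand-styled app title that launches somewhere the brand does not own, and attribution codes in the launch URL) can be checked directly in the page's web app manifest. The sketch below is an added example, not code from the researchers or the campaign; the brand allow-list, the tracking parameter names and both sample manifests are constructed assumptions.

```python
import json
from urllib.parse import urljoin, urlsplit, parse_qsl

# Assumption: illustrative allow-list an analyst maintains (brand keyword -> owned domains).
BRAND_DOMAINS = {"tesco": {"tesco.com"}, "monzo": {"monzo.com"}}
# Assumption: parameter names often used for affiliate attribution; tune to your own data.
TRACKING_PARAMS = {"aff", "aff_id", "sub1", "sub_id", "click_id", "clickid"}

def host_in(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage_manifest(manifest_url, manifest_text):
    """Flag brand/launch-host mismatches and tracking codes in a PWA manifest."""
    manifest = json.loads(manifest_text)
    # start_url may be relative; resolve it against the manifest's own URL.
    launch = urljoin(manifest_url, manifest.get("start_url", "."))
    parts = urlsplit(launch)
    host = (parts.hostname or "").lower()
    label = f"{manifest.get('name', '')} {manifest.get('short_name', '')}".lower()
    findings = []
    for brand, domains in sorted(BRAND_DOMAINS.items()):
        if brand in label and not host_in(host, domains):
            findings.append(f"brand-mismatch:{brand}")
    tracked = sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)
                     if k.lower() in TRACKING_PARAMS)
    if tracked:
        findings.append("tracking-params:" + ",".join(tracked))
    # Standalone display is normal for PWAs; report it only as context for other
    # findings, since it hides the address bar that would reveal the real host.
    if findings and manifest.get("display") in ("standalone", "fullscreen"):
        findings.append("no-address-bar:" + manifest["display"])
    return {"launch_url": launch, "findings": findings}

# Constructed samples: a fake store page's manifest and a brand-owned one.
FAKE_MANIFEST = json.dumps({
    "name": "Tesco Slots", "short_name": "Tesco Slots", "display": "standalone",
    "start_url": "/launch?sub1=fb_ad_17&click_id=abc123",
})
REAL_MANIFEST = json.dumps({
    "name": "Tesco Groceries", "display": "standalone", "start_url": "/?source=pwa",
})

if __name__ == "__main__":
    print(triage_manifest("https://play-store.example/app/manifest.json", FAKE_MANIFEST))
    print(triage_manifest("https://www.tesco.com/manifest.json", REAL_MANIFEST))
```

A brand mismatch is the strong signal here; tracking parameters and standalone display also occur on legitimate sites and only add weight alongside it.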

Progressive Web Apps are not inherently unsafe. They are websites designed to behave like apps, with home-screen icons, splash screens, push notification options and offline features. Legitimate businesses use them to make services faster and easier to access. The abuse occurs when criminals use the same browser functions to bypass normal user expectations around app-store review, developer identity and marketplace warnings.

A related gambling scam kit analysed earlier this year showed how operators can generate multiple fake app-store listings from a single reusable framework. The kit detected whether a visitor was using Android or iOS and then displayed a matching fake store page. Android users were shown a Google Play-style page, while iPhone users saw an Apple App Store-style page. The same infrastructure could be altered through configuration files to present different casino names, fake reviews and developer identities.

The technical flow also shows how carefully the operators manage user experience. Some pages attempt to move users out of in-app browsers and into Chrome or Safari, where PWA installation prompts are more likely to work. Others use identical usernames, profile photos and review text across multiple fake listings. The aim is not only to deceive users, but to reduce friction at the point where a cautious user might otherwise abandon the process.

The risk extends beyond misleading gambling promotion. Users may be routed to unregulated casinos that lack age checks, deposit controls, responsible gambling tools or clear dispute mechanisms. The same PWA technique has also appeared in phishing campaigns designed to steal one-time passwords, harvest contacts, read clipboard data and abuse browser permissions. That wider pattern has heightened concern that fake app-store pages could move from affiliate gambling abuse into more aggressive credential theft or financial fraud.

The campaign also exposes gaps in online advertising enforcement. Meta requires authorisation for online gambling and gaming advertisements, while TikTok requires certification, legal compliance, geographic controls and age restrictions for gambling promotion. Both platforms prohibit misleading or unlawful gambling adverts. Yet scam ads continue to appear, often through new accounts, cloaked landing pages, shifting domains and creatives that avoid explicit casino wording until after the first click.

Google Play permits real-money gambling apps only under strict country, licensing and compliance rules. Apps must meet policy requirements covering legality, user protection and market restrictions. The fake pages exploit the public’s familiarity with that trusted marketplace without being part of it. For many users, the visual similarity between a counterfeit listing and a legitimate store page may be enough to create a false sense of safety.


