Fake apps on Google Play Store are now posing as Directorate of Kerala State’s lotteries namely, Kerala Lottery Online and India Kerala Lottery. The cybersecurity researchers warned on Tuesday that the fake apps are trying to dupe people.
Over a million people have downloaded each of the Google Play Store-hosted applications, which were discovered to be impersonating the offline-only Online Kerala lottery. The people operating the apps are using referral links for promotion.
The fake lottery app is claiming that 5% of the winning amount would be split between users who joined using the referral link and a free entry in the lottery. This was reported by an AI-driven cyber-security firm CloudSEK.
According to a CloudSEK researcher, “Cashing on the popularity of Kerala lottery, threat actors have created multiple apps and websites to sell tickets and conduct lotteries which is banned by Kerala state government.”
Threat actors created false advertisements from accounts with more than 200,000 followers on prominent social media platforms and impersonated government institutions to demonstrate their validity.
“Logos of the Directorate of Kerala State Lotteries, National Informatics Centre, and Kerala state were used by the makers of the dubious apps. According to the Kerala Lottery Department, the state sells only paper lottery tickets and prohibits online sales,” researchers added.
They discovered that although Kerala Lottery Online and India Kerala Lottery apps have different names, they both display the identical privacy policy.
In their statement, CloudSEK said, “Upon analysis of these two applications, the following email addresses were listed as developer’s contact: [email protected] and [email protected]. This indicates that the government entity is not operating the apps.”
The fraudulent app required several unnecessary permissions on a device after installation, one of them being permission to install packages that allow them to install other applications to the device.
Several campaigns were run on different social media platforms like Telegram groups, YouTube videos, Facebook and Twitter in order to promote the scam app. “Several websites have also been created to promote the apps and make the apps look legitimate,” the researchers added.