Bengaluru, November 15: Dubious apps on Google Play Store have impersonated the Directorate of Kerala State's lotteries -- Kerala Lottery Online and India Kerala Lottery -- and are duping people, cybersecurity researchers warned on Tuesday.
Both the applications hosted on Google Play Store have over one million downloads and were found impersonating the Online Kerala lottery which operates in offline mode. According to AI-driven cyber-security firm CloudSEK, threat actors are using referral links to spread their campaigns. Online Fraud In Pune: Senior Clerk Duped Of Rs 1.70 Lakh By Cyber Fraudster By Posing As Credit Card Employee; Case Registered.
On the landing page of the referral link, threat actors can be seen mentioning 5 per cent of the winning amount to be shared with all the users of the referral link and a free entry/ticket to the lottery. Online Fraud in Hyderabad: Retired Bank Manager Duped of Rs 5.8 Lakh by Fraudsters on Pretext of Paying Electricity Bill Online.
"Cashing on the popularity of Kerala lottery, threat actors have created multiple apps and websites to sell tickets and conduct lotteries which is banned by Kerala state government," according to a CloudSEK researcher.
To prove legitimacy, threat actors impersonated government entities and create fake advertisements from accounts having more than 200,000 followers on major social media platforms.
"Logos of the Directorate of Kerala State Lotteries, National Informatics Centre, and Kerala state were used by the makers of the dubious apps. According to the Kerala Lottery Department, the state sells only paper lottery tickets and prohibits online sales," said security researchers. They found that both Kerala Lottery Online and India Kerala Lottery apps display the same privacy policy but operate under different names.
"Upon analysis of these two applications, the following email addresses were listed as developer's contact: OnlineKeralaLotto@gmail.com and sanjaykhankerala@gmail.com. This indicates that the government entity is not operating the apps," CloudSEK noted. The applications ask for several permissions and notable among them was the request to install packages (required to install other applications on your device).
There were multiple Telegram groups, YouTube videos, Facebook and Twitter posts promoting the scam applications. "Several websites have also been created to promote the apps and make the apps look legitimate," the researcher added.
(The above story first appeared on LatestLY on Nov 15, 2022 06:00 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).