GBHackers

Fake Google Play Store Pages Use Trusted Brand Names to Push Gambling PWAs


Scammers are exploiting consumers’ trust in household and financial brands by deploying polished fake Google Play Store pages and social media ads that push Progressive Web Apps (PWAs) linked to online casinos.

The fraud begins with paid social creative on platforms including Facebook, Instagram, Threads and TikTok. Ads present either simple “Brand Slots” labels or increasingly sophisticated forgeries that borrow real logos, product interfaces and even AI-generated video footage showing apparent staff or branded locations.

These ads claim an “official” launch of slot or casino apps, sometimes pairing fabricated testimonials or fake app-store metadata to amplify credibility.

Clicking the ad leads to a scammer-controlled landing page that mimics a Google Play or App Store listing or a branded promotional page; the “Install” button does not download a vetted app from an official store but instead triggers a browser prompt to add a PWA to the device home screen.

Once installed, the PWA appears like a native app titled and iconised with the impersonated brand yet it is a thin wrapper that loads a third-party casino URL.

According to Netcraft, investigation reveals a coordinated affiliate-driven campaign that impersonates names such as Tesco, Amazon, Monzo, Revolut and global streaming services, routing users from paid social ads to counterfeit app listings that ultimately install PWAs which open unrelated gambling sites.

Fake Play Store page for “Amazon Slots.” This is the landing page that the above “Tesco Slots” ad leads to (Source : Netcraft).

Affiliate tracking parameters embedded in the PWA and launch URL allow the operator to attribute downstream actions, such as registrations and deposits, back to the advertising campaign.

Fake Google Play Store Pages

Netcraft observed that the affiliate economics likely drive the scheme: public information on affiliate platforms suggests cost-per-acquisition payouts for depositing players typically range between $50 and $350, explaining why attackers invest in convincing creative and wide ad distribution.

one series targeting Monzo customers showed apparent Monzo app screenshots with a fabricated balance, alongside copy reading “MONZO OFFICIALLY LAUNCHES ONLINE SLOTS.”

Multiple consistent features emerge across the campaigns. Creative tiers range from simple text-based ads that insert any brand name, to fabricated “official announcements” that use brand color schemes and forged UI screenshots, to AI-generated promotional videos that place fabricated brand employees and locations at the center of the pitch.

Image-based scam ad claiming “Monzo officially launches online slots”, as well as a Monzo balance (Source : Netcraft).
Image-based scam ad claiming “Monzo officially launches online slots”, as well as a Monzo balance (Source : Netcraft).

Landing pages vary from fake app listings complete with phony developer names, download counts and manufactured reviews to interactive pre-landers that simulate guaranteed wins on a branded spin wheel and then prompt the user to “claim” a prize by installing the PWA.

Domain choices favor generic or innocuous-looking hostnames seekerlucid.shop and optimisphantasm.shop are examples reducing the chance of immediate detection by automated filters.

In other cases attackers use branded domains or URLs that visually mimic legitimate addresses, further lowering suspicion.

Netcraft’s analysis also shows operational consistency: single advertisers frequently run many ad variants across markets and languages, and in some instances the same infrastructure served impersonations of different brands, implying a shared threat actor or affiliate network.

PWA install prompt (Source : Netcraft).
PWA install prompt (Source : Netcraft).

Platforms and advertisers must strengthen creative verification, monitor for brand impersonation, and disrupt affiliate flows that direct users to gambling endpoints.

For users, the risk is twofold: financial loss through gambling and the erosion of trust in authentic brand communications. PWAs installed this way can obscure the true destination by presenting a branded title bar and a minimized browser chrome, making it easy to mistake a casino site for an official branded app.

Mitigations require a mix of user vigilance and platform action. Consumers should treat unsolicited “official launch” ads with skepticism, verify app sources via official vendor pages, and avoid installing PWAs from unknown landing pages.

Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.



Source link