In a recent development, our team at CloudSEK has uncovered a noteworthy trend involving several high-net-worth individuals endorsing a gaming application. This promotional effort features prominent figures from various sectors, including business magnates and sports icons. In India, we have identified renowned personalities such as Mukesh Ambani, the chairman of Reliance Industries; cricket superstar Virat Kohli; Anant Ambani; and Olympic medalist Neeraj Chopra, all lending their influence to this mobile gaming initiative.
On the international stage, the trend extends to globally recognized figures, including soccer legend Cristiano Ronaldo, popular content creator James Donaldson—better known as Mr. Beast, Deadpool aka Ryan Reynolds, and acclaimed Pakistani actress Hania Aamir. This surge in endorsements by high-profile individuals highlights a strategic marketing approach aimed at attracting diverse audiences to the gaming platform. As this phenomenon continues to evolve, it raises essential questions about the implications for both the gaming industry and consumer behavior, warranting a closer examination of the strategies employed and the potential impacts on the market.
Description: The video describes Aviator, an investment game where users can earn money by investing a small deposit. The video shows an airplane flying with a multiplier of 17, 50, or 150, and the user automatically gets money by investing 1,000 Kenyan shillings. The video encourages viewers to download the Aviator app and take advantage of the bonus.
Key Organisations: Google Play, Bank of Africa, BMCE Group, Visa.
Use of Prominent News Channels
The promotional videos often commence with a news anchor discussing the mobile application and its impact on individuals from various backgrounds, emphasizing how it has helped people improve their daily lives. These segments frequently feature trusted news channels such as Aaj Tak, Republic TV, Zee News, and ARY News, as well as selected Kenyan news outlets.
Notable Indian news anchors like Shweta Singh from Aaj Tak, Arnab Goswami from Republic TV, and Sudheer Choudhary from Zee News lend their credibility to these promotions, enhancing the perceived legitimacy of the application. By leveraging the influence of established media figures, these marketing campaigns aim to resonate with a wider audience, tapping into the trust that viewers place in reputable news sources. This strategy not only amplifies the reach of the mobile application but also positions it as a valuable tool for improving everyday life.
Modus Operandi:
The campaign starts with the creation of multiple fake domains, at least a week before the ads are published on Facebook and Instagram. These are mainly hosted on the [.]top, [.]fun and [.]world top-level domains. As per our research, 1k+ domains hosting the same web app are registered daily under the [.]top top-level domain (TLD). The origin country for these domains is Belize (Central America), and the ISP used specifically for the [.]top domains is IQWeb FZ-LLC.
A domain recently identified: Luckyavin[.]fun
Google Play Store Phishing links
These domains are designed to resemble Google Play Store or Apple App Store look-alikes, often featuring similar layouts and functionalities. Some of these sites even incorporate the official Google or Apple logos to enhance their legitimacy. To further deceive users, they include hard-coded comments and other data, making the websites appear more authentic to everyday consumers. Many users, particularly those who may not scrutinize the details closely, could easily be misled by these imitations. This tactic exploits the trust that individuals place in official app stores, ultimately aiming to lure unsuspecting users into downloading potentially harmful applications.
These domains are then backlinked into the ads, looking something like this.
In some cases, the link verifies that the request originates from Facebook and only then redirects to a fake Google domain; otherwise, nginx redirects the client to a simple website. This is most likely achieved using the ‘fbp’ string sent as a query parameter.
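An added example (not part of the original report) of triaging web-proxy logs for the pattern described above: requests to hosts under the [.]top, [.]fun or [.]world TLDs that carry an ‘fbp’ query parameter, optionally arriving with a Facebook or Instagram referrer. The log format, hostnames and scoring are constructed for illustration, and ‘fbp’ is assumed to be a parameter name.

```python
from urllib.parse import urlsplit, parse_qs

# TLDs the article reports for the campaign's lookalike store pages.
CAMPAIGN_TLDS = {"top", "fun", "world"}
# Referrer domains for the ad platforms named in the article.
AD_REFERRERS = ("facebook.com", "instagram.com")
# Assumption: 'fbp' is matched as a query-parameter *name*.
CLOAK_PARAM = "fbp"

# Constructed proxy log lines: "<client> <url> <referrer or ->"
SAMPLE_LOG = """\
10.0.0.5 https://store-lookalike.top/app?id=7&fbp=fb.1.1700000000.42 https://l.facebook.com/
10.0.0.9 https://store-lookalike.top/app?id=7 -
10.0.0.7 https://game-landing.fun/get?fbp=fb.1.1700000001.77 -
10.0.0.3 https://shop.example.com/cart?fbp=fb.1.1700000002.13 https://www.instagram.com/
10.0.0.4 not-a-url -
"""

def _host_matches(host, domains):
    """True if host equals one of the domains or is a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(log_text):
    """Return (client, host, score, reasons) tuples, highest score first."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line
        client, url, referrer = parts
        u = urlsplit(url)
        host = (u.hostname or "").lower()
        if u.scheme not in ("http", "https") or "." not in host:
            continue  # not a usable URL
        if host.rsplit(".", 1)[1] not in CAMPAIGN_TLDS:
            continue
        reasons = ["campaign-tld"]
        if CLOAK_PARAM in parse_qs(u.query, keep_blank_values=True):
            reasons.append("fbp-param")
        ref_host = (urlsplit(referrer).hostname or "").lower()
        if _host_matches(ref_host, AD_REFERRERS):
            reasons.append("ad-referrer")
        if len(reasons) > 1:  # the TLD alone is too noisy to alert on
            hits.append((client, host, len(reasons), reasons))
    return sorted(hits, key=lambda h: -h[2])
```

Calling `triage(SAMPLE_LOG)` ranks the request that combines all three signals first; the direct visit without ‘fbp’ or an ad referrer is not reported, matching the case where the server would only show the decoy site.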
The Deepfake Ad Video:
The videos start with a deepfake of the news anchor discussing how the mobile gaming application has been helping individuals to earn money, and how many people have come out of poverty after using the gaming application. This is followed by another deepfake now altering facial attributes for branded individuals like Virat Kohli, who has been highly targeted in this campaign. Here, two cases have been observed:
- Individuals have been seen promoting the application, claiming how they have been playing on the app and earning more than 50K daily.
- Individuals, especially Virat Kohli, Mukesh Ambani and Anant Ambani are seen talking about how they have invested in this application to help other people.
In both the scenarios, the aim has been to attract more and more people to put money into the game.
Although the initial phase used deepfake videos, a recent change in trend is a deepfake video that runs for a few seconds, followed by a static image such as a clock or a transcript written over the screen. This is most likely done to avoid detection by Meta.
Coverage:
The mobile application, which was initially designed to cater to the European Union (EU) population, has undergone a strategic shift in its marketing approach. As of early September, the focus has expanded significantly to target the Indian population, reflecting a keen interest in tapping into the diverse and rapidly growing user base in India. This shift also encompasses outreach efforts to several other regions, including Nigeria, Pakistan, Bangladesh, Saudi Arabia, and various countries in Southeast Asia.
Despite this broadening of target demographics, it is noteworthy that no instances of deepfake technology have been identified in connection with the promotional efforts aimed at the EU region. This absence raises interesting questions about the marketing strategies employed in different areas and suggests that the use of deepfakes may be more prevalent or accepted in other markets. As the application continues to expand its reach, monitoring these developments will be crucial for understanding the implications of such marketing tactics on user engagement and trust across different cultures and regions.
The Application:
If a visitor tries to install the game from the fake Play Store, a pop-up window appears requesting to install the app.
What is actually installed is a proxy_chrome, which launches a supposed ‘1win’ login through another [.]top domain.
The reach of the application is easily visible, as seen above: at a given time, 2.5K individuals are seen playing the game.
The catch is that a minimum top-up of Rs. 300 is required to play the game, so anyone who just wants to try their luck once also needs to pay Rs. 300, earning the scammers a base amount every time. Depending on the country, payment methods such as UPI, AstroPay, VISA and MASTERCARD, and cryptocurrencies such as BTC, Ether and USDT, are also available. This is what makes the scam a greater threat, as there is no limit on the methods available to it.
As we dug deeper into the application and went through the live comments being shared, it soon became clear that, similar to pig butchering scams, players are given initial profits on the small hands they play, which is followed by heavy investments by these players, leading to huge losses. Multiple players are seen in the comments demanding a valid support number, as the numbers available on the site were not responding to any queries.
Conclusion:
In conclusion, the emergence of deepfake technology has posed significant risks, particularly through the proliferation of fake gaming applications. These deceptive apps often leverage deepfake techniques to create convincing avatars or content that can mislead users. Targeting vulnerable populations, they exploit trust in gaming culture and the desire for social interaction. The consequences can be severe, including identity theft, harassment, and the manipulation of personal data for malicious purposes. As these threats evolve, it is crucial for stakeholders—governments, tech companies, and communities—to implement robust digital literacy programs, enhance cybersecurity measures, and promote awareness of the dangers associated with deepfakes. By fostering a more informed and vigilant user base, we can mitigate the risks posed by these malicious technologies and protect individuals from exploitation.
CloudSEK has launched a Deep Fake Analyzer Tool, a free tool designed for the cybersecurity community. It identifies manipulated videos, images, and audio, helping professionals safeguard their organizations from deepfake threats. To know more: https://community.cloudsek.com/