Friendly Dealer Scam Targets Mobile Gambling App Users

Key Takeaways:
- Malwarebytes identified a large-scale social engineering campaign using over 1,500 domains to impersonate Google Play and Apple App Store interfaces, pushing unvetted gambling apps.
- The kit deploys Progressive Web Apps (PWAs) that mimic native app installation flows, bypassing standard unknown-source warnings on Android and leveraging Add to Home Screen on iOS.
- Risks include user redirection to unregulated casino sites via affiliate links, which could cause financial harm and weaken trust in official mobile distribution channels.
Friendly Dealer, a reusable scam kit exposed on 23 March 2026, creates fake app store experiences tailored to the visitor’s device. Android users encounter a Google Play-style interface with matching fonts and layouts, while iOS users see an Apple App Store replica. The campaign primarily promotes gambling-related apps and sites, often featuring titles like “Tower Rush” or “Chicken Road,” with identical fake reviews reused across listings.
A mini-game sometimes precedes the fake store to increase engagement. Tapping “Install” triggers Chrome’s PWA prompt on Android—displaying “Installed from Google Play Store” in device settings—or Safari’s Add to Home Screen on iOS, creating an app-like icon and splash screen. The kit forces browser redirects from social media traffic, requests notification permissions to persist, and uses service workers for background activity. Telemetry data, including browser details and ad IDs, is sent to a central domain.
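A defender-side triage sketch for the behaviours described above, added here as an example and not taken from Malwarebytes or from the kit itself: it flags a captured page that shows store branding on a non-store host together with PWA install plumbing. The signal names, the two-signal threshold, the hostnames and both sample pages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Hosts of the real stores; store branding served from anywhere else is the red flag.
OFFICIAL_STORE_HOSTS = {"play.google.com", "apps.apple.com"}

# Each check corresponds to one behaviour the article attributes to the kit.
CHECKS = {
    "store_branding": re.compile(r"google\s*play|app\s*store", re.I),
    "pwa_manifest": re.compile(r"<link[^>]+rel=[\"']?manifest", re.I),
    "service_worker": re.compile(r"serviceWorker\s*\.\s*register\s*\(", re.I),
    "notification_prompt": re.compile(r"Notification\s*\.\s*requestPermission\s*\(", re.I),
    "install_prompt": re.compile(r"beforeinstallprompt", re.I),
}

# Constructed sample: a store lookalike that wires up a PWA install flow.
SAMPLE_FAKE = """<title>Tower Rush - Apps on Google Play</title>
<link rel="manifest" href="/manifest.json">
<button id="install">Install</button>
<script>
navigator.serviceWorker.register('/sw.js');
Notification.requestPermission();
window.addEventListener('beforeinstallprompt', e => { window.deferred = e; });
</script>"""

# Constructed sample: an ordinary page that only links to the real store.
SAMPLE_BENIGN = """<title>Example Casino</title>
<a href="https://play.google.com/store/apps/details?id=example">Get it on Google Play</a>"""

def triage(url, html):
    """Return (verdict, sorted matched signals) for one captured page."""
    host = (urlparse(url).hostname or "").lower()
    if host in OFFICIAL_STORE_HOSTS:
        return "official-store", []
    hits = sorted(name for name, rx in CHECKS.items() if rx.search(html))
    # A store badge alone is normal; branding plus at least two pieces of
    # PWA install/persistence plumbing is the combination worth reviewing.
    plumbing = [h for h in hits if h != "store_branding"]
    if "store_branding" in hits and len(plumbing) >= 2:
        return "suspect-fake-store", hits
    return "no-match", hits

if __name__ == "__main__":
    print(triage("https://store-lookalike.example.test/app", SAMPLE_FAKE))
    print(triage("https://casino.example.test/", SAMPLE_BENIGN))
```

A match is a prompt for manual review, not a verdict: legitimate PWAs also use manifests, service workers and notifications, which is why the check requires store branding on a non-store host as well.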
This matters because mobile remains the dominant access point for iGaming outside the US, with users increasingly relying on official app stores for perceived safety and convenience. By abusing legitimate PWA features, the scam erodes that trust and funnels players toward unlicensed operators lacking proper age verification, responsible gaming tools, or regulatory oversight. It highlights vulnerabilities in how mobile browsers and app stores handle web-based “apps,” particularly in high-risk categories such as real-money gambling.
For operators, the campaign underscores the need for stronger brand protection and user education on how to verify official app sources. Legitimate mobile casino apps face indirect pressure as users grow wary of similar-looking experiences, potentially increasing acquisition costs and support burdens. Regulators and platforms may face calls for tighter controls on PWA installations and affiliate-driven gambling promotions.
Users risk depositing at unregulated sites with limited consumer protections, heightening exposure to unfair practices or addiction-related harm. The scam’s mobile-specific tactics—device detection, persistent notifications, and seamless redirection—demonstrate evolving fraud techniques that blend social engineering with platform features.
No new App Store or Google Play policy changes for gambling apps, mobile payment expansions involving Apple Pay or Google Pay, 5G-driven UX updates, or dedicated fraud prevention announcements from platforms emerged in the immediate period. However, the Friendly Dealer operation reinforces ongoing challenges in mobile security and the importance of platform-level safeguards against deceptive distribution methods.
Sources: Malwarebytes Blog – FriendlyDealer mimics official app stores to push unvetted gambling apps (March 2026).


