FriendlyDealer mimics official app stores to push unvetted gambling apps

Keypoints

• The campaign, dubbed FriendlyDealer, deploys a single reusable web kit to spin up fake app-store pages across at least 1,500 domains, impersonating Google Play and the Apple App Store.
• Users are led to install Progressive Web Apps (PWAs) that appear as real apps on the home screen but are websites that redirect victims to gambling offers via affiliate links.
• The operation is designed for scale: one configuration file drives many brands (20+ casino brands observed) and disposable domains enabling rapid redeployment.
• The kit collects detailed telemetry and error logs and forwards them to ihavefriendseverywhere[.]xyz, including browser language, timezone, user-agent, ad identifiers, and JavaScript error reports.
• Technical measures to increase authenticity include device detection, correct platform fonts, browser-specific handlers to open Chrome/Safari, suppression of zooming, and use of Chrome’s install prompt to bypass unknown-source warnings.
• The campaign’s harm is financial—funneling users into unregulated gambling sites with no consumer protections—rather than installing malware or exfiltrating passwords.