MALWAREBYTES reports a social-engineering campaign dubbed FriendlyDealer that impersonates Google Play and the Apple App Store to push unvetted gambling apps across at least 1,500 domains. The operation uses a reusable kit to generate dozens of fake listings, with Android and iPhone variants showing the corresponding fake store, and even loading platform-appropriate fonts to mimic real stores.
It isn’t malware in the traditional sense; the goal is affiliate revenue, earning commissions every time someone signs up or deposits money at casino sites. The campaign has spawned many brands—Tower Rush (189 deployments), Chicken Road (97), and BEAST GAMES: ICE FISHING (43)—with fake reviews and uniform author details across brands.
Installations rely on a deceptive flow that uses Progressive Web Apps and redirects to casino offers, and perpetrators tally profits through affiliate networks, reportedly paying out $50 to $400 per depositing user. Indicators point to a Russian-speaking development context, and the operation coordinates via a single data-collection domain, ihavefriendseverywhere[.]xyz.