Threat Advisory

Scammers Exploiting Trusted Brands For Casino Traffic

Threat: Phishing Campaign
Targeted Region: United Kingdom & Europe
Targeted Sector: Technology & IT, Retail & E-commerce
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY

Threat actors are impersonating major global brands, including financial institutions and retailers, to execute fraudulent advertising campaigns. These operations target consumers across regions like the UK and Europe by falsely claiming that trusted companies have launched online gambling products.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY

Threat actors are impersonating major global brands, including financial institutions and retailers, to execute fraudulent advertising campaigns. These operations target consumers across regions like the UK and Europe by falsely claiming that trusted companies have launched online gambling products.[emaillocker id="1283"]

The attackers aim to generate affiliate revenue by driving traffic to third-party online casinos. Instead of stealing data or demanding ransom, the primary objective is financial gain through user acquisition fees, effectively exploiting brand trust to deceive victims into engaging with unregulated gambling platforms.

The attack chain begins with paid social media advertisements featuring AI-generated content or stolen brand imagery, which directs users to fake landing pages mimicking official app stores. When victims attempt to install the application, they receive a Progressive Web App rather than legitimate software. This PWA creates a branded icon on the device, functioning as a browser wrapper that loads an external casino site. Attackers maintain control by embedding affiliate tracking links within the PWA, ensuring they receive payment whenever a victim registers or deposits funds into the gambling platform.

THREAT PROFILE:

Tactic Technique ID Technique Sub-technique
Initial Access T1566.002 Phishing Spearphishing Link
Initial Access T1189 Drive-by Compromise
Execution T1059.007 Command and Scripting Interpreter JavaScript
Persistence T1547.009 Boot or Logon Autostart Execution Shortcut Modification
Defense Evasion T1036.001 Masquerading Invalid Code Signature
Command and Control T1102 Web Service

 

REFERENCES:

The reports contain further technical details:
https://www.netcraft.com/blog/branded-gambling-campaigns-how-scammers-are-exploiting-trusted-brands
https://cybersecuritynews.com/scammers-impersonate-trusted-brands/

[/emaillocker]
crossmenu