Deepfake Videos Of Virat Kohli, Others Used To Promote Fraudulent Gaming App: CloudSEK
CloudSEK’s investigation showed that deepfake videos feature well-known celebrities and high-profile individuals endorsing a mobile gaming application called Aviator.
A widespread deepfake video scam is leveraging famous Indian personalities, including Virat Kohli, Mukesh Ambani, Anant Ambani and Neeraj Chopra, along with international figures, to promote fraudulent mobile gaming applications, according to cybersecurity firm CloudSEK.
Scammers use these videos to lure people into downloading the dubious app and have also created a fake Play Store to appear genuine. The research team identified a series of deceptive campaigns targeting users in India, Pakistan, Nigeria and Saudi Arabia, among others.
International icons like Cristiano Ronaldo, James Donaldson (Mr. Beast), Deadpool aka Ryan Reynolds and Pakistani actress Hania Aamir are also shown promoting the app.
One of the videos shows Mr. Beast in a fictitious promotion for the African market, explaining how users can earn money in the Aviator game by investing small amounts, like 1,000 Kenyan shillings, and gaining returns based on a multiplier. Virat Kohli has been one of the most frequently targeted figures for similar deepfakes in South Asia, according to CloudSEK.
The videos often start with manipulated footage of news anchors, including Shweta Singh (Aaj Tak), Arnab Goswami (Republic TV) and Sudhir Chaudhary. These fake broadcasts claim that the mobile application has been helping people from all walks of life earn money easily.
The use of news channels such as Aaj Tak, Republic TV, Zee News and ARY News adds a layer of credibility to the scam, making unsuspecting viewers download the fraudulent app.
Initially targeting the EU population in early September 2024, the scam has now expanded to India and various other regions, including Nigeria, Pakistan, Bangladesh, Saudi Arabia and Southeast Asia.
One of the deceptive tactics employed is the use of Google Play Store phishing links. Users are misled into believing that they are downloading the app from a legitimate platform, while the links actually direct them to fraudulent phishing pages.
Phishing domains, such as avatarsky[.]one, are used to impersonate the Google Play Store, while proxy apps like Proxy_chrome are installed on victims’ devices. These malicious apps appear legitimate, showing real-time statistics like “2,500+ people playing,” with multiple payment options, including UPI and cryptocurrency, luring unsuspecting users into the scam.
CloudSEK research showed that over 1,000 phishing domains are being created every day, predominantly using the .top top-level domain (TLD). The scammers also offer various fraudulent payment methods, including bank transfers to accounts in CSB Bank and City Union Bank and cryptocurrency transactions in Bitcoin, Monero, Tron, Ethereum and BNB.
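For defenders triaging links from such campaigns, the sketch below checks whether a link presented as a Play Store download actually resolves to play.google.com and notes the traits the report describes. It is an added example, not CloudSEK's tooling; the function names, the lookalike strings in `BRAND_HINTS` and all sample links except avatarsky[.]one are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_HOST = "play.google.com"   # genuine Google Play web host
WATCHED_TLDS = {"top"}              # TLD the report says most of the domains use
# Assumed lookalike strings, chosen for this example
BRAND_HINTS = ("play.google", "googleplay", "google-play", "playstore")


def refang(indicator):
    """Turn a defanged indicator (hxxp, [.]) back into a parseable URL."""
    url = indicator.strip().replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url if "://" in url else "https://" + url


def check_store_link(indicator):
    """Classify a link that was presented to the user as a Play Store download."""
    url = refang(indicator)
    # .hostname drops userinfo, so "play.google.com@other.host" yields other.host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == OFFICIAL_HOST:
        return {"host": host, "official": True, "reasons": []}
    reasons = ["host is not " + OFFICIAL_HOST]
    if any(hint in url.lower() for hint in BRAND_HINTS):
        reasons.append("Play Store name used outside the official host")
    if host.rsplit(".", 1)[-1] in WATCHED_TLDS:
        reasons.append("watched TLD")
    return {"host": host, "official": False, "reasons": reasons}


# Constructed sample links, except avatarsky[.]one, which the article names.
SAMPLES = [
    "https://play.google.com/store/apps/details?id=com.example.app",
    "avatarsky[.]one",
    "hxxps://play.google.com.constructed-sample[.]top/store/apps",
    "https://play.google.com@constructed-sample.top/details",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_store_link(sample))
```

A link that fails the exact host match is not the Play Store regardless of how the page looks; the extra reasons only help prioritise review.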