The Directorate of Kerala State's lotteries are being impersonated in the Google Play Store by dubious apps namely 'Kerala Lottery Online' and the 'India Kerala Lotter', cybersecurity researchers warned on Tuesday at the Kerala Lottery Online conference. 

The two Google Play Store applications have been downloaded over one million times. They were found to be impersonating the offline Kerala lottery which operates in an online mode. This is why they exist in the Google Play Store. 

In a recent report, the AI-driven cyber-security firm CloudSEK reported that the vast majority of campaigns were spread via referral links. 

It is evident on the referral link's landing page that threat actors mention that 5 percent of the winning amount will be shared among all the users of the referral link as well as a free entry into the prize draw for the referral link there. 

Kerala lottery has become one of the most popular lottery games in the world. Threat actors have taken advantage of its popularity by creating apps and websites offering lottery tickets and conducting lotteries. However, these lotteries were outlawed by the Kerala government, according to researchers at CloudSEK. 

During the fraudulent campaign, threat actors impersonated government agencies and created fake ads appearing on major social media platforms from accounts with a following of more than 200,000 followers to prove legitimacy. 

In addition, the makers of the dubious apps used the logos of Kerala State Lotteries, Kerala State, and the National Informatics Centre, in addition to Kerala State. The Kerala Lottery Department states that the state only sells paper lottery tickets and prohibits online sales, security researchers reported. 

It was discovered, both Kerala Lottery Online and India Kerala Lottery apps displayed the same privacy policy, however, they operated under different names, displaying similar information. 

The CloudSEK researcher's analysis explained that the application's contact section contains the following email addresses listed in the developer's contact section: OnlineKeralaLotto@gmail.com and Sanjaykhankerala@gmail.com. Consequently, CloudSEK pointed out that these emails indicate that the government entity is not operating the apps, as they indicate that the government entity is not operating them. 

There are several permissions that the applications ask for, and among them is permission to install packages. 

There were numerous Telegram groups, YouTube videos, Facebook posts, and Twitter posts promoting scam apps that were being spread by Telegram groups. 

The researchers stated, "Several websites have also been created to give legitimacy to these apps and promote them to make them appear legitimate".