About Teletype
Join
H
@hawkeye
December 8, 2020

Maskware service provider Multi.app

Confidential. Research by arm17 team. 12.07.2020

Intro

Day by day we are seeing the rise of maskware apps approach, and recently we discovered a full-featured service, marketplace for such type of apps.
Here is it - https://multi.app


To prove all screenshots below you can use login credentials:

https://multi.app/signin

littlenigtfg@gmail.com af58515d47d9

Registration is open(at the time of writing the current blog post), so if this account will be blocked, you always can register a fresh one.


As you can see more than ten apps available currently, and they've told that they have always reserve apps, not listed in public. You can see apps for both Android and iOS platforms.


This service works as a middleman between app creators and gambling/betting/other services owners(next we’ll call them “Advertisers”). They are paying app creators up to 7(seven) cents per install for developing and uploading apps to Google Play. To work with the service they have special cloaking API. which app developers should use to hide real gambling(mainly) landing pages and show legitimate content to Google moderators.


For illegal gambling operators, they provide service for 12(twelve) cents per install. So Multi.app earning 5 cents from each scam install.

Applications screen

On this page, “Advertiser” can see and choose an application from the list

  1. He can create a traffic stream
  2. See how much more “Ad cabinets” available
  3. Supported traffic sources
  4. Name of the app and current rating

Stream creation

  1. Choose traffic source
  2. Managing Clickid parameters, as we understood this using for the fine tune of ads campaign using in-app events
  3. Choose a country
  4. Choose presets for push messages(depends on maskware type - gambling, crypto, etc.) - so they have even retention in place

After everything filled, the created stream going to moderation and after this “Advertiser” getting deeplink or link to Google Play Market, depends on traffic sources

Billing

To run traffic on maskware apps you should add money to the account. By RUB currency and Yandex we can understand the country of origin - Russia.

Instructions for developers

Are available on Russian language and only for "Developers" account type.

In then manual everything described in details

  1. How to use cloaking API to detect moderators, domains are frequently changes
  2. Full instruction on how to prepare screenshot for app listing and what app developer should show to moderators inside the app
  3. How to implement main SDKs for all maskware: OneSignal for push messages, Facebook, Appsflyer, Yandex Metrica. All requirements how to setup user attribution inside the app

Conclusion

Maskware type of scam apps and actors behind them becoming more mature and trying to build services around it. Proposed approach - only massive apps removing with quick turnaround and stop them.

Currently, 300+ maskware apps are online. In the mid of summer usually, it's was not more than 100-150 apps online by our researches.

Confidential. Research by arm17 team. 12.07.2020

@hawkeye
December 8, 2020, 08:34
0 views