OpenBet / Fanatics: Mac-to-Android remote control undetected, bets placed
Source. June 2, 2026 weekly sync.
Ticket. CIV-79: Fanatics — Mac-to-Android remote control (OpenBet).
What we tested
A cross-platform variant of the remote-control fraud pattern: a tool allowing a Mac laptop to remotely control an Android phone from a different network was used to place bets on Fanatics (OpenBet). The phone sat inside the permitted state; the controlling Mac did not.
What happened
- ✗ OpenBet did not detect the remote-control session during a sustained test.
- ✗ Bets were placed on Fanatics through the remotely-controlled Android device.
Why it matters
This extends the week's remote-control gap beyond macOS↔macOS to a desktop→mobile path. The same "proxy device inside the state" risk applies: a user outside a licensed state bets through a device that is physically in-state. Confirming the gap on a third integration (after Radar/Underdog and XPoint/Bet365 NJ) makes it a campaign-level concern rather than a single-vendor quirk.
Cross-reference
- Bet365 NJ (XPoint) — macOS↔macOS RDP via Tailscale undetected (May 26, CIV-73) — the origin finding for this campaign.
- Radar / Underdog DFS — remote screen control via Tailscale undetected for 20+ minutes (CIV-81).
- GeoComply / Bally Bet NJ — the same class of remote-control attack blocked ✓ (CIV-82) — direct contrast.