Skip to main content

3 posts tagged with "ciV-64"

View All Tags
DetectedDevice farmEmulator

OpenBet / Fanatics MI: VMOS virtual Android environment blocked — generic error, no wager path ✓

OpenBetFanatics Sportsbook
openbetfanatics-mivmosdevice-farmemulator

Source. June 23, 2026 weekly sync.
Ticket. CIV-64: MI advanced spoofing retest.

What we tested

A VMOS virtual Android environment against the Fanatics Michigan app (OpenBet Locator).

What happened

  • Access blocked. A generic error appeared immediately after login with no path to place a bet.
  • ⚠️ Error messaging uninformative — no guidance on why access was denied or how to recover.

Why it matters

OpenBet successfully blocked a device-farm vector that has bypassed other integrations in prior cycles. Contrast with undetected GPS simulator and TeamViewer paths on the same operator in the same month (June 8, CIV-89).

Cross-reference

OpenBet profile → · June 23 weekly sync →

PartialRemote accessNear border

OpenBet / Fanatics MI: HopToDesk remote control undetected on Android (TeamViewer + AnyDesk blocked)

OpenBetFanatics Sportsbook
openbetfanatics-mirdphoptodeskteamviewer

Source. June 2, 2026 weekly sync.
Ticket. CIV-64: MI advanced spoofing retest.

What we tested

During advanced spoofing retests near the Michigan–Canada border, the team tested several remote-control applications on Android against the Fanatics MI app (OpenBet), plus iOS screen sharing for comparison.

What happened

  • HopToDeskNOT detected at installation or during an active remote session on Android. Bets were placed consistently while a remote user was in control.
  • TeamViewer — detected and blocked.
  • AnyDesk — detected and blocked.
  • iOS FaceTime screen sharing — detected near the border.

Why it matters

This is a known detection gap for a specific tool, not a blanket failure: the two most common remote-access apps (TeamViewer, AnyDesk) are caught, and FaceTime screen sharing is caught on iOS — but HopToDesk slips through entirely on Android. A sophisticated fraudster who identifies this specific gap can use it to circumvent geolocation checks on Fanatics in Michigan while the obvious tools stay blocked.

Cross-reference

OpenBet profile → · June 2 weekly sync →

PartialRemote access

XPoint / bet365 MI: RustDesk evades detection when launched after the geolocation client (launch-order flaw)

Xpointbet365
xpointbet365-mirdprustdesklaunch-order

Source. June 2, 2026 weekly sync.
Ticket. CIV-64: MI advanced spoofing retest.

What we tested

RustDesk remote access against bet365 MI (XPoint) on both Windows and macOS, varying the launch order of RustDesk relative to the XPoint geolocation client.

What happened

  • RustDesk launched before XPoint → flagged immediately.
  • RustDesk opened after XPoint was already active → undetected on both Windows and macOS. Over 50 consecutive location checks passed with the remote tool running.
  • Detection only resumed once the XPoint client was manually rebooted.

Why it matters

The behaviour points to a one-time startup scan for prohibited software rather than real-time monitoring. The vulnerability stems from a predictable initialization sequence: an adversary who recognises the pattern can bypass desktop geolocation on bet365 MI simply by activating remote access after launch — a repeatable, low-effort gap that leaves a notable regulatory exposure open for the duration of a session.

Cross-reference

Xpoint profile → · June 2 weekly sync →