PartialRemote access
XPoint / bet365 MI: RustDesk evades detection when launched after the geolocation client (launch-order flaw)
xpointbet365-mirdprustdesklaunch-order
Source. June 2, 2026 weekly sync.
Ticket. CIV-64: MI advanced spoofing retest.
What we tested
RustDesk remote access against bet365 MI (XPoint) on both Windows and macOS, varying the launch order of RustDesk relative to the XPoint geolocation client.
What happened
- ✓ RustDesk launched before XPoint → flagged immediately.
- ✗ RustDesk opened after XPoint was already active → undetected on both Windows and macOS. Over 50 consecutive location checks passed with the remote tool running.
- Detection only resumed once the XPoint client was manually rebooted.
Why it matters
The behaviour points to a one-time startup scan for prohibited software rather than real-time monitoring. The vulnerability stems from a predictable initialization sequence: an adversary who recognises the pattern can bypass desktop geolocation on bet365 MI simply by activating remote access after launch — a repeatable, low-effort gap that leaves a notable regulatory exposure open for the duration of a session.
Cross-reference
- OpenBet / Fanatics MI — HopToDesk undetected on Android (CIV-64) — the mobile half of the same MI advanced-spoofing retest.
- Bet365 MI (Radar / XPoint) — full integration validation (May 26) — prior multi-issue cycle on the same operator.
- Bet365 NJ (XPoint) — macOS↔macOS RDP via Tailscale undetected (May 26, CIV-73) — second XPoint remote-access gap, different mechanism.