Competitive Intelligence โ Weekly Sync
๐ Week 3 โ April 7, 2026 ยท โฑ 30 minutes ยท ๐ฅ Weekly cadence
1 ยท Competitive and Client Testing (Julia) โ Key Findingsโ
- โ Radar VMOS not detected on second attempt โ FD WV regression
Allowed bets from Tennessee on the West Virginia app. Opposite of the Mar 31 positive result. - โ Radar rooted Android (hidden root) not detected at Saracen AR โ confirmed result from FD WV. Re-tested from TN with all root-hiding steps confirmed.
- โ Radar resigned Saracen AR iOS app โ DETECTED โ
App flagged with appropriate error messaging; account not blocked. Contradicts the FD WV result. Follow-up validation scheduled pending the next iOS app release. - โ Radar jailbroken root-hidden iOS not detected โ Sleeper Sports, PrizePicks, Fliff
Three operators, one structural gap โ users with jailbroken devices bypass geolocation controls and wager from prohibited locations.
XPoint โ RSI DE โ Key findings so farโ
- โ Critical security gap โ FaceTime RDP not detected โ MI user wagered on DE iOS
Casino + sportsbook both allowed remote wagers. Confirmed cross-region with AZ โ structural failure. - โ Border performance โ near-border pass/fail inconsistent; erroneous failures even moving away from the boundary. Active session SUSPENDED on DE-MD crossing before any spoofing attempt. Static/mobile toggling friction near MD + DE borders vs GeoComply seamless PA.
- โ macOS install + UX โ requests access to documents folder (known issue). AnyDesk installed (not running) silently blocks betting โ false positive.
- โ Mac CPU โ 1-minute interval spikes from 0.5% โ 16% during poker gameplay.
Additional research โ Leaked keys casesโ
- Anatsa (TeaBot) banking trojan via Google Play, large-scale campaign (77 apps) โ runs on real, certified devices in legitimate sessions; payload delivered later. Mass credential theft + financial fraud across regions.
- GoldFactory campaign (repackaged banking apps) โ attackers modified legitimate banking apps, injected malicious code, redistributed them. Integrity checks can be bypassed/removed in repackaged apps.
- SharkBot banking malware (NCC Group + Cleafy) โ Accessibility abuse for credential theft + unauthorized transactions from victims' devices.
- All integrity checks passed because fraud was performed on real, Play-certified devices within legitimate app sessions.
- Similar story with Xenomorph banking trojan via Google Play apps.