PM Modi Took Action on WinGo App Targeting Android Users -

Post Views: 134

“WinGo App has made a huge amount of Android users victims and played with their money.”

Are you familiar with the WinGo app? You may have noticed it when scrolling through reels or in an advertisement. Police and the government have both warned against this app, particularly for Android users.

It’s an app that allows users to earn cashback, gifts, or money. Users must finish a few activities in order to accomplish this. The software pays the user money in exchange for these chores.

One such app is WinGo. It entices consumers with the prospect of swiftly and easily making money.

How does it work?

This app will start sending you 80–100 messages per day as soon as you install it on your phone.
It will assign its users simple tasks, like forwarding messages, in return for a payment.
This software builds users’ trust by demonstrating its potential for profit.
These little incentives will lure you in and cause you to start doing the things they recommend.
Before you realize it, you’ll have been an unsuspecting participant in a crime.

Arvind Ojha, Report, Aaj Tak

According to the analysis, these chores and messages seem normal at first, but they are actually connected to cybercrime. This app is used by millions of people in the nation, the majority of whom are connected via Telegram.

Officials

The target audience of the cybercriminals is clearly specified. They prey on vulnerable populations that are easily tricked by their methods and lack adequate cybersecurity understanding. It’s also crucial to note that this app promotes investing by offering users a variety of investment options and promising a better future.

Why did this Scamming Game become Dangerous?

Users become so engrossed in this scheme that they even enroll their friends and family in the app in an attempt to boost their membership.

Why can’t the scammer be traced?

The WinGo app uses UPI or personal digital wallets rather than sending money straight to bank accounts. Transaction tracing becomes challenging as a result. Once you invest your money in it, the software disappears without a trace.

In addition to blocking the user’s account, the app frequently vanishes from the Play Store. Users who are terrified and in a panic contact the customer service hotline listed on the app. When they learn that the provided customer service numbers are likewise fraudulent, they are even more shocked.

In other words, the user loses everything because of a small amount of greed. This fraud has already affected a large number of people.

What else does it do?

Your data is also stolen by this app.
When you install the app on your phone, it requests access to:

Location,
Photo Gallery,
Contacts, and
Other Information.

Users frequently provide all these rights without paying attention.
The program readily harvests user data by taking advantage of this.

What is WinGo APK?

WinGo is a number betting and color prediction game. It is generally integrated with larger gambling “clubs” or apps (like 91 Club, Daman Games, or Big Daddy).

The Game: It’s a fast lottery. A random result with a color (Red, Green, or Violet) and a number (0–9) is produced every 1, 3, or 5 minutes.
The Goal: Gamers wager money on the next color or number to appear. They get paid if their guess is accurate (typically 2x for colors and 9x for numbers).

Why is it “Non-Traceable”?

Promoters frequently utilize the double-edged sword of claiming that these APKs are “non-traceable” to entice users. The truth behind that word is as follows:

Off-Market Distribution: The official Google Play Store seldom ever has these apps. APK files on Telegram or WhatsApp are used to distribute them. Official app security audits are circumvented in this way.
Anonymous Payments: They frequently make use of bitcoin or shadow UPI gateways. While not really “non-traceable” for law enforcement, it makes it very difficult for an average user to identify where their money went once a “withdrawal” is denied.
Server Relocation: It is practically impossible for local authorities to shut down the back-end servers or track down their owners because they are usually located in countries with permissive gambling laws, usually in Southeast Asia.
Encrypted Communication: Many of these apps send “signals” or “predictions” over encrypted channels, concealing from the user the game’s true logic.

How It Works (Step-by-Step)

The procedure often looks like this if you download the APK:

Registration: You register with a mobile number and a “Referral Code.” These codes are required for the “Multi-Level Marketing” (MLM) structure, where the person who invited you gets a part of your losses.
Deposit: Sending money to a random UPI ID that the software provides allows you to “recharge” your wallet.
The Betting Loop: * The timer counts down (60 seconds, for example).

You choose “Green” or “Red” and input a sum (like $10).
A random number generator (RNG) selects a result when the timer reaches zero.

The “Win” Phase: Your wallet balance is instantly updated if you win.
The Withdrawal Trap: This is where a lot of folks have problems. Small withdrawals are typically effective in fostering trust. The software may flag an account for “suspicious activity” or “maintenance” after a user wins a lot of money or makes substantial deposits, thereby taking the money.

Origin of the APK

It is generally accepted that white-label software providers in China and Southeast Asia are the source of the particular “WinGo” betting modules.

These color-prediction games’ “source code” is sold by developers on specialist forums or the dark web.
Local “operators” purchase the code, rebrand it (such as “WinGo Gold” or “Royal WinGo”), and sell it in particular nations (mostly Nigeria, Brazil, and India).

The Critical Risks

Warning: Most WinGo-style APKs are classified as unregulated gambling or “Ponzi” schemes.

Algorithm Manipulation: The admin can modify the “random” results to make sure the “house” always wins during high-bet rounds because the APK is not audited.
Data Theft: Because you are sideloading an APK, it can be infected with malware that can access your gallery, contacts, and SMS (to read OTPs).
Financial Fraud: If the app owners choose to shut down the server and disappear with the deposits, there is no legal remedy.

Serious Actions Taken

According to a directive issued by Gautam Buddh Nagar Police Commissioner Lakshmi Singh, a suspicious earning app named WinGo was found during the investigation into cyber fraud involving e-challans.

She cautioned users to be aware of apps and platforms that promise large incomes with little work, offer SMS assignments, message forwarding, or require deposits. Any suspicious behavior should be reported right away to the closest police station or the National Cybercrime Reporting Portal.

This app has also been targeted by the Ministry of Home Affairs. Four Telegram channels with 153,000 users have been shut down, and their servers have been banned. More than fifty-three YouTube videos have been taken down.

How to avoid this?

Apps that promise daily gains or guaranteed revenues should be avoided.
Always examine the company’s website, ratings, and registration before downloading.
To find out what data the app is accessing, check your privacy settings.
Never make a payment in advance.
Payments to unidentified UPI IDs or QR codes should not be made.
Never share your bank account information or OTP.
Don’t freak out if you fall victim to fraud. You can contact the helpdesk at 1930 to file a complaint.
You can also file a complaint on gov.in.
Go to the closest police station and make a complaint if you have any doubts.
Going forward, be sure to thoroughly investigate any software before utilizing it. Think carefully before putting your hard-earned money anywhere and be secure.

“Red Flag” Apps (2025–2026)

Use extreme caution if you come across these names on Telegram, WhatsApp, or through unreliable APK links:

- 91 Club: Among the most popular applications for color prediction. In high-stakes games, users often complain of “withdrawal freezes” and manipulated algorithms that guarantee the house always prevails.
- Tiranga Games: Frequently advertised through social media influencers. Cybercrime units are currently keeping an eye on it because it operates without regulatory approval and uses the same “red vs. green” betting rationale.
- BDG Game (Big Daddy Game): Renowned for its aggressive marketing on Telegram. It frequently employs “mentors” who offer “VIP signals” but ultimately cause users to lose all of their money.
- Daman Games: Like WinGo, it emphasizes brief betting cycles (one and three minutes) that are intended to promote compulsive, fast-paced gaming.
- Sikkim 777 & Bharat Club: When older apps are prohibited, these more recent clones show up. They frequently need access to your SMS and contacts, which poses a serious privacy concern.
- King567: Recently, the focus of a significant money-laundering probe involving hundreds of crores by the Enforcement Directorate (ED).

A Deep Threat Assessment: What does it do?

When we deeply analyze the “WinGo Apk”, we discover the following things that are very much concerning for the Android Users:

SHA256 : 91c5e2b4ea76a4a143c7a9c119919b7dfed957ec248ca32bffd2761dc46bc74a

MD5 : 8a36c94581647dc3e90f80e9053cb04b

SAMPLE NAME: WinGoV25

VirusTotal Score: 1/66

package= com.wingo.plus

Framework Cocos2d-x —> org.cocos2dx.javascript.*

The primary function is to facilitate communication between the JavaScript game code and native Android features

Application Component Manifest File

org.cocos2dx.javascript.AppApplication

Custom Application class used to initialize the app, load native libraries, and set up global state for the Cocos2d-x framework.

Activities

org.cocos2dx.javascript.AppActivity

Main launcher activity

org.cocos2dx.javascript.util.MyWebViewActivity

Activity designed to display web content inside a WebView

com.yalantis.ucrop.UCropActivity

Third-party activity used for image cropping functionality.

Services

org.cocos2dx.javascript.download.DownloadService

Background service responsible for downloading files or application resources.

Content Providers

androidx.core.content.FileProvider

SYSTEM

androidx.startup.InitializationProvider

AndroidX startup provider —System

Native Library

cocos2djs

Native library powering the Cocos2d-x JavaScript runtime used by the application.

Permission

google.android.gms.permission.AD_ID –> Advertising ID
permission.INTERNET –> INTERNET Access
permission.ACCESS_NETWORK_STATE –> access information about networks
permission.CHANGE_NETWORK_STATE –> change network connectivity state
permission.ACCESS_WIFI_STAT –> access information about Wi-Fi networks.
permission.WRITE_EXTERNAL_STORAGE –> Write to Storage
permission.READ_EXTERNAL_STORAGE –> Read From Storage
permission.REQUEST_INSTALL_PACKAGES –> Allows an application to request installing packages.
permission.SEND_SMS –> Allows an application to send SMS messages.
permission.READ_PHONE_STATE –> Allows read-only access to phone state (IMEI, SIM data)

Findings

On Boot up, it initially prompts the user for some permissions.

Findings Overview

A method inside the application potentially leveraging the “REQUEST_INSTALL_PACKAGE” permission.

A DownloadService which download some resources and temporarily saves them before moving it into a different location

Watch this video if you don’t want to become a victim

About The Author

Suraj Koli is a technical writing content specialist focused on cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”

CODORRA Hackathon 2026: India’s Premier Cybersecurity Hackathon