As public approval for online sports betting has increased, so has the number of states that allow sports betting. See the linked CBS Sports article from January of this year for states where sports betting is legal. According to the article, it is currently legal to bet in 33 states. Ohio, as of 1 January 2023, allows mobile and in-person sports betting [4].

Secure Cyber Defense’s Security Operations Center recently observed the GeoComply application being detected by a Fortinet signature. On further research, we identified the application and its purpose: GeoComply is used for location detection, commonly to determine geolocation compliance [1]. Researching the signature and the application type showed that this application is commonly associated with sports betting utilities such as DraftKings. These types of applications use the GeoComply software to determine where sports betting is occurring, as certain types of betting are not available in all 50 states [2]. We also identified that this may pose a potential security risk, as DraftKings has faced security breaches before [3].

What is the Risk?

  • Usage of personal data, credit card information, and banking numbers
  • Vulnerabilities associated with supported applications
  • Data breaches
  • Compliance issues

Removal and Recommendations:

We recommend the removal of any sports betting software. GeoComply, meanwhile, may be valid as used for geolocation compliance.

Example Process File Locations:

– C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe

– C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.process-scanner-microservice.exe

– C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.internal-updater-microservice.exe

– C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.wifi-scanner-microservice.exe

– C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\com.geocomply.vm-detector-microservice.exe
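
A host-level check for the components listed above, as an added PowerShell example that is not part of the original advisory. It assumes the default install directory shown in the list and an elevated session; the report column names are illustrative.

```powershell
# Added example: inventory GeoComply PlayerLocationCheck components on one host.
# The directory and file names are the ones listed in this advisory.
$installDir = 'C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application'
$expected = @(
    'service.exe',
    'com.geocomply.process-scanner-microservice.exe',
    'com.geocomply.internal-updater-microservice.exe',
    'com.geocomply.wifi-scanner-microservice.exe',
    'com.geocomply.vm-detector-microservice.exe'
)

# Running processes whose image lives under the install directory.
# ExecutablePath can be empty for some processes when the session is not elevated.
$running = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -like "$installDir\*" }

# Services whose binary path points into the install directory.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like "*$installDir\*" }

$report = foreach ($name in $expected) {
    $path   = Join-Path -Path $installDir -ChildPath $name
    $onDisk = Test-Path -LiteralPath $path -PathType Leaf
    $procs  = @($running | Where-Object { $_.ExecutablePath -eq $path })
    # Record the Authenticode status so a renamed or unsigned binary stands out.
    $sig    = if ($onDisk) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
    [pscustomobject]@{
        File       = $name
        OnDisk     = $onDisk
        RunningPid = ($procs.ProcessId -join ',')
        SignStatus = if ($sig) { $sig.Status } else { $null }
        Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

$report   | Format-Table -AutoSize
$services | Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
```

A host where files are on disk but nothing is running still has the software installed; the service table shows whether it is set to start again.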

Endpoint Detection and Response (EDR) Can Help:

Tools like EDR (Endpoint Detection and Response) can help in these types of situations, as they are very good at blocking new processes in the pre- and post-execution stages. You must go through a process to “teach” EDR what is a legitimate process vs. something like this geolocation service.

References:

[1] – www.geocomply.com

[2] – https://help.draftkings.com/hc/en-us/articles/4405236822931-Using-DraftKings-with-GeoComply-location-services-overview-US-

[3] – https://www.bleepingcomputer.com/news/security/draftkings-warns-data-of-67k-people-was-exposed-in-account-hacks/

[4] – https://www.cbssports.com/general/news/u-s-sports-betting-heres-where-all-50-states-stand-on-legalizing-sports-gambling-top-sites/#:~:text=Wagering%20on%20pro%20and%20college,in%20collegiate%20games%20are%20prohibited.