A new ad fraud campaign dubbed Kaleidoscope is quietly wreaking havoc on millions of Android devices, turning everyday apps into revenue machines for cybercriminals — and headaches for users.
The scheme, uncovered by IAS Threat Labs, involves legitimate-looking apps from the Google Play Store paired with malicious clones circulating in third-party app stores. These malicious versions serve intrusive, full-screen ads without any user interaction, draining batteries, overheating phones, and throttling performance.
Kaleidoscope is aptly named — the attack constantly morphs to evade detection. According to IAS, 2.5 million devices are infected each month, with India accounting for 20% of that number. The threat has also spread to Indonesia, the Philippines, and Brazil, largely driven by installs via third-party storefronts and direct download links from social media and messaging platforms.
How the scam works
A user installs what appears to be a genuine app from Google Play. But cybercriminals distribute lookalike versions with malicious code through unofficial channels. Users think they’re downloading the same app again — or an updated version — only to find themselves bombarded with unskippable ads. Meanwhile, advertisers unknowingly pay for fake impressions served by bogus apps.
While Google has removed flagged apps and says it will protect users against known versions of Kaleidoscope, the problem persists due to lax standards among ad resellers and the decentralized nature of third-party Android marketplaces.
The result? A stealthy but highly profitable scam that sacrifices user experience for ad revenue and undermines trust in Android’s app ecosystem.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
