
Beware! This Android ad scam is targeting 2.5M users monthly
What's the story
A new ad fraud scheme, dubbed Kaleidoscope, is targeting millions of Android users by converting regular apps into profit-generating platforms for cybercriminals.
According to the IAS Threat Labs report, the scam is affecting over 2.5 million devices every month, with India alone accounting for 20% of that number.
The threat has also spread to Brazil, Indonesia, and the Philippines through unofficial app stores and direct download links from social media and messaging platforms.
Methodology
How does the Kaleidoscope scam operate?
A user downloads what seems like a legitimate app from Google Play, while cybercriminals distribute deceptive replicas of it, laced with malicious code, through unofficial sources.
Users think they're downloading an updated version of the same app, only to be bombarded with non-skippable ads.
Advertisers are also unknowingly duped into paying for fake impressions generated by these rogue apps.
Google's action
Google responds to the Kaleidoscope threat
In response to the Kaleidoscope threat, Google has removed flagged apps and promised to protect users against known versions of this scam.
However, the problem persists due to lax standards among ad resellers and the decentralized nature of unofficial Android marketplaces.
This has led to a discreet but lucrative scam that prioritizes ad revenue over user experience, thus undermining trust in Android's app ecosystem.