IAS Threat Labs has given this attack the Kaleidoscope name because it is always changing to avoid detection. According to the data, 2.5 million new devices are compromised each month, with 20% of these found in India. Other areas where Kaleidoscope has been discovered include Indonesia, the Philippines, and Brazil. Driving the expansion of this threat are the installation of malicious apps via third-party app store fronts.
Examples of the intrusive ads that appear on Android phones that have installed the malicious apps. | Image credit-IAS
Kaleidoscope works like this. An Android user installs an app from the Play Store that looks and even runs like a legitimate app. A malicious duplicate of the app is listed in a third-party app store; messages and social media direct users to install the malicious version of these apps via the third-party app stores and direct installs. The Android device owner thinks that he has installed a legitimate app, and advertisers believe that their ads are being viewed on legit apps.
If you have any of these apps on your Android phone, delete them immediately. | Image credit-Forbes
Instead, once the malicious version of the app is installed on a phone, it shows intrusive ads, including full-screen images and videos that do not require any interaction from the user to run. You can see how annoying this could be to the unlucky device owners who end up with a phone that is making big bucks for cyber-criminals and prevents users from viewing their displays.
An incredible 2.5 million new installs of Kaleidoscope-infected apps take place each month making this a very serious and dangerous situation for Android users.