Unskippable Advertisements Flood Android Users

Researchers have identified a highly adaptable ad fraud network known as Kaleidoscope, which inundates users with unskippable advertisements.

Typically, ad fraud does not actively concern users of compromised devices, who may only experience minor sluggishness. Ad fraud primarily targets companies, compelling them to pay for advertisements that go unseen and unclicked by actual users. To achieve this, fraudsters deploy automated scripts (bots) and various deceptive tactics to create fictitious views, clicks, or engagement metrics.

As a result, advertising companies incur costs without obtaining any real value in return. Infected users remain largely unaware of this malicious activity, as it operates in the background, effectively evading detection.

The newly identified Kaleidoscope ad fraud scheme differs from traditional methods. It specifically targets Android users by infiltrating legitimate-seeming applications in the Google Play Store and malicious replicas circulated via third-party app stores.

Both legitimate and counterfeit versions of the app share the same app ID. Researchers have uncovered over 130 apps linked to the Kaleidoscope network, leading to roughly 2.5 million fraudulent installations monthly.

Advertisers mistakenly believe they are funding ads placed in the genuine app, while users downloading versions from unreliable sources are bombarded with constant advertisements that they cannot skip. The shared app ID between these versions ensures that advertisers remain oblivious to the distinction.

Kaleidoscope shows substantial similarities to the CaramelAds ad fraud network, which utilized duplicate apps and shared code and infrastructure.

The researchers detail the operation as follows:

“The malicious app delivers intrusive, out-of-context advertisements under the guise of a benign app ID, manifested as full-screen interstitial images and videos, triggered even without user interaction.”

Device Protection Recommendations

Google Play Protect actively safeguards users against applications engaging in harmful behavior. Consequently, researchers did not encounter any malicious Kaleidoscope variants within the Google Play Store.

To ensure your devices remain free from ad fraud-related malware, consider the following guidelines:

– When possible, acquire apps from the Google Play Store.
– Carefully assess the permissions an app requests. Determine whether those permissions are essential for the app’s intended functionality. Particularly concerning is the “Display over other apps” permission.
– Suspicious ad sites may request permission to display notifications. Granting this permission can lead to an increase in ads by allowing them to be displayed in the device’s notification bar.
– Utilize up-to-date and effective security software on your Android device.

Malwarebytes identifies malware associated with the Kaleidoscope network as Adware.AdLoader.EXTNXN.

In conclusion, cybersecurity threats should be addressed proactively. Protect your mobile devices from these risks by implementing robust security measures and utilizing reputable security solutions designed to combat emerging threats.