Share on LinkedIn
Share on XAd fraud is evolving — and so are we.
The IAS Threat Lab has uncovered a sophisticated new threat dubbed Kaleidoscope — a deceptive Android ad fraud operation that’s as dynamic as it is dangerous. This scheme hides behind seemingly legitimate apps available on Google Play, while malicious lookalike versions are quietly distributed through third-party app stores.
What makes Kaleidoscope so dangerous?
Like its namesake, Kaleidoscope is constantly shifting, transforming its structure to evade detection and prolong its fraudulent activity. The scheme’s complexity lies in:
- App cloning with a twist: Two versions of the same app — one clean, one malicious — sharing a single app ID. The clean version gets distributed via official app stores, while the malicious twin hides in third-party app stores, flooding the ecosystem with fake impressions.
- Rebranded SDKs: Following exposure of the CaramelAds SDK in earlier schemes like Konfety, fraudsters have pivoted — stripping out identifiers and repackaging malicious code in new, harder-to-detect SDKs.
- Concealed infrastructure: A web of new domains powers communication between infected devices and command-and-control servers, allowing bad actors to coordinate large-scale fraud in real time.
- Continued expansion: IAS has uncovered over 130 app IDs, including 40 newly uncovered apps, associated with Kaleidoscope, driving an estimated 2.5 million fraudulent installs per month.
A new chapter in mobile ad fraud
Kaleidoscope is not an isolated incident — it’s a blueprint for how bad actors are adapting in the wake of increased security measures. IAS’s Threat Lab has conducted deep forensic analysis of both previously known and newly uncovered apps to trace the evolution of this fraud model.
It’s a dangerous shift from simple out-of-context ad abuse to something far more dynamic — and scalable.
IAS is staying ahead of the fraud
IAS customers are already protected. Our fraud pre-bid avoidance solution, available within leading DSPs, leverages real-time machine learning models trained to identify and avoid threats like Kaleidoscope before a single bid is placed.
IAS blocks impressions tied to these malicious app IDs and domains at the source — so your ad dollars don’t fund fraud.
Download the full report to learn more.
