In H1 2025, #ESETResearch telemetry recorded a 160% surge in #Android adware & clicker detections. Leading this spike is a colorfully branded threat #Kaleidoscope, responsible for 28% of all Android #adware detections in H1.
Kaleidoscope uses a deceptive #eviltwin technique – mimicking legitimate apps, generating intrusive ads, and tricking advertisers into paying fraudsters for fake views. The ads run in the background, even when the twin app isn’t active, slowing down device performance.
Distributed via third-party app stores or websites, Kaleidoscope has primarily affected users in Latin America, 🇹🇷 Türkiye, 🇪🇬 Egypt, and 🇮🇳 India.
One possible sign of an evil twin app is that its icon appears in a white circle without a label. Tapping it may do nothing except open the App info screen – demonstrating no functionality.
To avoid Kaleidoscope and other threats which use the evil twin technique, download apps only from official app stores, manage app permissions carefully, and be aware of how the #eviltwin apps (don’t) work.
Read more about this evolving adware threat in the latest #ESETThreatReport: https://welivesecurity.com/en/eset-research/eset-threat-report-h1-2025