Kaleidoscope: The adware that threatens Android security in Latin America

  • Kaleidoscope targets Android using twin apps to distribute intrusive ads.
  • Brazil, Mexico, Peru, and Argentina are the countries most affected by this adware.
  • Fraudulent apps share IDs with legitimate versions, fooling ad networks.
  • Prevention involves downloading only from official stores and using security solutions.
Alberto Navarro

4 minutes

Kaleidoscope Android adware

The Android world in Latin America is being shaken by a new form of ad fraud.Kaleidoscope, a recently discovered adware, has managed to spread rapidly in the region, affecting thousands of unsuspecting users in countries such as Brazil, Mexico, Peru, and Argentina. This scheme, which apparently uses legitimate applications as a front, is causing serious inconvenience to users and significant financial losses to companies that invest in digital advertising.

The complexity of Kaleidoscope lies in its ability to disguise malicious applications as if they were authentic, allowing it to bypass security controls and exploit both people and advertising platforms. Its presence generates an avalanche of invasive advertising, deterioration of device performance and the possible leakage of personal data..

How does the Kaleidoscope scam work?

The “twin apps” strategy This is crucial to understanding Kaleidoscope's success. Developers release an official version on stores like Google Play, meeting all security requirements, and simultaneously distribute a fraudulent copy on third-party app stores, where verification processes are much more lenient.

Both versions share the same Advertising ID, which makes it difficult for networks like AdMob (Google) to distinguish them easily. This allows attackers to monetize ads in the malicious app, earning revenue as if it were coming from the legitimate app..

The malicious app is usually undetectable to the average user: it displays generic or nameless icons, doesn't show the expected interface, or simply redirects to basic app information. The user can immediately notice the continuous appearance of ads without opening the app.

Android TV app installation APK-1
Related article:
Everything you need to know about installing APKs on Android TV: Security, limitations, risks, and legal alternatives

Impact and most affected countries

Recent data collected by cybersecurity laboratories such as ESET and IAS Lab place Kaleidoscope responsible for 28% of adware detections on Android during the first half of 2025.

The expansion in Latin America has been especially alarming, with Brazil in second place worldwide in detections (19,4%), followed by Mexico (16,3%) and Argentina (5,7%). Peru is also among the countries with the highest risk. Only Turkey exceeds these figures globally, demonstrating the relationship between the rise of adware and the tendency to download apps outside of Google Play.

Kaleidoscope's rise is largely attributed to the popularity of third-party stores in these countries, where users seek out apps outside the official store, often attracted by free or exclusive versions.

Consequences for users and companies

The effects of Kaleidoscope go beyond a bad experience: Infected devices are flooded with ads, experience slowdowns and high battery consumption. Also privacy is compromised, since these applications can collect information without consent.

On the other hand, companies that invest in online advertising face losses, as a portion of their budget is spent on fraudulent interactions. Brands can see their reputation damaged by appearing on devices infected with adware., generating negative experiences for users.

Camilo Gutiérrez Amaya, Head of Research at ESET, warns that these campaigns "deface the advertising distribution system," causing advertisers to pay for interactions with no real value and losing control over how their ads are displayed.

Chrome critical patch
Related article:
Critical Chrome Update: Google Fixes Dangerous Security Vulnerability

How to detect an app infected with Kaleidoscope?

Recognizing malicious applications of this type is not always easy.. Some warning signs include:

  • Generic icons or icons without clear identification.
  • Applications that do not display an interface or only display basic information when opened.
  • Ads that appear without the user interacting with the app.
  • Strange device behavior, such as slowness or excessive battery consumption.

A common example is the app "Birds on Wire," which in its legitimate version is a game, but its "evil twin" doesn't even show the interface and only displays ads.

Recommendations for protecting yourself from adware on Android

The rise of Kaleidoscope reinforces the need for take preventive measures when installing apps on Android devices. Some essential recommendations are:

  • Download applications only from official stores such as Google Play, avoiding third-party platforms with less rigorous controls.
  • Pay attention to suspicious icons and names in apps.
  • review carefully the requested permissions before and after installing any application.
  • Use security solutions updated to detect adware, Trojans, and potentially unwanted applications.
  • Watch for signs of slow performance or excessive power consumption after installing new apps.

These actions help significantly reduce the risk of becoming a victim of fraud like Kaleidoscope and help protect personal information and the proper functioning of the device.

The arrival of Kaleidoscope marks a significant shift in the fight against adware on Android, especially in Latin America, where the trend toward downloading apps from alternative stores has increased the vulnerability of many users. The combination of social engineering, app twins, and ad network exploitation has rapidly amplified its impact. Maintaining a preventative approach and following good security practices is essential to confidently navigate the Android ecosystem.


Follow us on Google News