Risky Bulletin: Kaleidoscope Ad Fraud Network Infects 2.5 Million Devices a Month
Release Date: May 11, 2025 | Host: Claire Aird | Prepared by: Catalin Cimpanu
Introduction
In the latest episode of Risky Bulletin, host Claire Aird delivers a comprehensive update on recent cybersecurity threats and law enforcement actions. From ad fraud networks to significant legal settlements involving tech giants, this episode covers a wide spectrum of issues affecting the digital landscape. Below is a detailed summary of the key topics discussed.
1. Kaleidoscope Ad Fraud Network Targets Millions of Devices
Claire Aird opens the episode by highlighting a major development in mobile ad fraud. The Kaleidoscope botnet is reported to infect more than 2.5 million Android devices each month.
"A mobile ad fraud network is installing ad fraud software on more than 2.5 million Android phones every month." [00:04]
The operators behind Kaleidoscope distribute legitimate, ad-supported apps through the Google Play Store while offering fraud-enabled versions of the same apps through third-party stores. The malicious versions report ad impressions that never actually occur, so advertisers pay for views under the guise of legitimate app activity. The method mirrors the tactics employed by the Konfety botnet last year, making Kaleidoscope the second network known to adopt this technique.
2. German Authorities Crack Down on eXch Cryptocurrency Service
In a significant crackdown, German authorities have seized the operations of the eXch cryptocurrency service. According to blockchain investigations firm Elliptic, 98% of the funds processed through eXch were associated with criminal activity.
"Officials say they seized 8 terabytes of data and 34 million euros worth of assets." [00:04]
The seizure followed shortly after the service announced it would shut down, a swift response by law enforcement to disrupt illicit financial operations.
3. U.S. Takes Down the AnyProxy Botnet
The FBI has dismantled the AnyProxy botnet, a long-running proxy service, by seizing its domain infrastructure. The operation led to charges against three Russian nationals and one Kazakh national, accused of hacking home routers to build the botnet.
"They're believed to have made more than $46 million over two decades, according to Lumen's Black Lotus Labs." [00:04]
With more than 7,000 proxies available daily, the AnyProxy botnet supported a large volume of malicious activity, underscoring the scale and longevity of the operation.
4. NATO's Cyber Chief Addresses Russian Cybercriminal Collaborations
Mart Noorma, director of the NATO CCDCOE, discussed the collaboration between Russian cybercriminals and the Kremlin in an interview with Estonian TV.
"The Kremlin uses criminal groups to make attribution difficult. He said the aim is to damage infrastructure, steal money and reduce citizens' trust in local government." [00:04]
This arrangement gives the Kremlin deniability while the groups damage critical infrastructure, steal money, and erode public trust in government institutions.
5. iClicker Platform Compromised with Malicious CAPTCHA
A breach of the iClicker student engagement platform led to a malicious CAPTCHA being inserted on U.S. university websites. The fake CAPTCHA instructed users to run commands in the Windows command prompt, a technique that turns the victim into the delivery mechanism for malware.
"The captcha was live on all iClicker portals for five days in April." [00:04]
The CAPTCHA remained live for five days before it was removed, highlighting how widely used educational platforms can become a distribution channel for attacks.
6. Massive Fraudulent Trades in Japanese Brokerage Accounts
Recent attacks on Japanese brokerage accounts have resulted in nearly $2 billion in fraudulent trades. The attackers used the hijacked accounts to buy and sell stocks, manipulating share prices with the account holders' assets.
"More than 6,000 accounts have been hacked this year. The volume of trades is triple the $700 million figure that was initially reported in April." [00:04]
Japanese financial authorities are grappling with the scale of these breaches, emphasizing the need for enhanced security measures in the financial sector.
7. Data Theft from Pearson Education Platform
In early May, hackers breached the Pearson education platform and stole user data. Pearson has said that most of the compromised information was outdated, which limits some of the potential damage.
"This is the company's second security breach this year." [00:04]
The recurrence of such incidents raises concerns about ongoing weaknesses in the digital infrastructure of education providers.
8. Google to Pay $1.4 Billion Settlement Over Privacy Violations
Google has agreed to a $1.4 billion settlement with the state of Texas concerning the unauthorized collection of biometric data. This settlement concludes two lawsuits filed by Texas in 2022.
"The settlement agreement puts an end to two lawsuits filed by Texas in 2022." [00:04]
Texas previously secured an identical settlement from Meta in 2024 over unauthorized facial scans, signaling a trend of holding large tech companies accountable for privacy violations.
9. Wikimedia Foundation Sues the UK Government Over Online Safety Act
The Wikimedia Foundation has initiated legal action against the UK government over the Online Safety Act. The law would require the verification of Wikipedia users' identities starting next year, a move Wikimedia argues threatens user privacy and safety.
"The foundation said, 'Privacy is essential to keeping users safe. Some users rely on anonymity in countries with authoritarian governments.'" [00:04]
This lawsuit underscores the tension between regulatory efforts to increase online safety and the protection of user anonymity and privacy.
10. Philippine Authorities Raid International Cybercrime Syndicate
In Makati City, Philippine authorities detained 31 individuals, mostly Chinese nationals, for their involvement in an international online scam center. The operation was carried out under a presidential directive aimed at dismantling cybercrime networks operating within the country.
"Officials said they were acting on a presidential directive to crack down on international cybercrime syndicates that have been setting up in the country." [00:04]
This crackdown represents the Philippines' commitment to combating cybercriminal activities hosted within its borders.
11. Irish Man Sentenced for Running a Cybercrime Operation
Suleman Mazar, a 43-year-old from Ireland, has been sentenced to two years in prison on multiple cybercrime charges. Mazar ran a website that distributed malware, ransomware, and counterfeit financial data. He has also pleaded guilty to money laundering.
"He’s also pleaded guilty to money laundering." [00:04]
He was arrested in 2022; the sentence reflects ongoing efforts to prosecute individuals who facilitate cyber threats and financial crime.
12. Exposure of Over 8,000 Automated Fuel Tank Gauge Systems
More than 8,000 automated fuel tank gauge systems have been found exposed on the Internet without authentication. These systems monitor fuel tank levels, temperature, and pressure, so unauthorized access to them carries significant safety and operational risk.
"Most of the exposed systems are from Veeder-Root, a major supplier in the US. Security organization DIVD says it's notified vendors and is working to advise on proper security controls." [00:04]
The exposure highlights the need to keep industrial control systems off the public Internet and behind proper authentication.
13. Google Enhances Chrome Security with On-Device AI for Scam Detection
Google announced that its Chrome browser will use on-device large language models (LLMs) to identify tech support scam sites and warn users more quickly.
"Google says on-device LLMs will help it detect these sites faster." [00:04]
The feature aims to shorten the time it takes to add scam sites to the Safe Browsing system, a process that previously could take hours. It is expected to ship with Chrome 13037 later this month.
Conclusion
This episode of Risky Bulletin underscores the multifaceted nature of current cybersecurity challenges, from ad fraud networks and cryptocurrency-related crime to significant legal actions against major tech companies. The continuous evolution of cyber threats requires proactive measures and robust responses from both authorities and technology providers.
For more detailed insights and updates, subscribe to Risky Bulletin and stay informed on the latest in cybersecurity.
