Malware's 'evil twin' strategy posing risks to companies, says expert
Employers should ensure that workers continue to follow best practices when it comes to cybersecurity, whether they are using their work computers or even their own Android phones, according to one expert.
That’s because malware attacks targeting Android phones surged by 160 per cent in the first half of 2025 compared to the previous six-month period, reports ESET, a cybersecurity firm.
In some companies, workers can access work data and work-based applications on their own Android devices, notes Tony Anscombe, chief security evangelist at ESET.
“And if they're using Android devices, then this is an increased risk to the employer and to the employer's data. So employers should definitely be concerned,” he says. “Regardless of whether it's an employee device or a device owned by the company, they should make sure that the device is providing adequate security for the company data that's actually on the device.”
‘Kaleidoscope’ fraud operation
The surge in malware attacks is fuelled by a new “evil twin” fraud and the rise of potentially unwanted apps, specifically Kaleidoscope, according to the report, which is based on global telemetry data from ESET.
“Kaleidoscope” is an Android-based ad fraud operation uncovered by IAS Threat Lab. Cybercriminals behind this operation create two nearly identical versions of the same app – a harmless one available on official app stores (decoy twin) and a malicious version distributed through third-party app stores (evil twin). The “evil twin” generates intrusive, unwanted ads to fraudulently earn advertising revenue.

Kaleidoscope accounted for 28 per cent of Android adware detections in the period.
“You have truly malicious apps that deliver malware… then you have apps that misbehave,” says Anscombe.
The misbehaving apps “may ask for permissions beyond the permissions they need,” he says.
“They may display too many ads. They may take personal information through the size of those ads and misdirect users in that way. And we define those as unwanted because while they're not necessarily delivering malware or exfiltrating data, they may actually be tricking you into doing that or they may be over-advertising to you or misbehaving through permissions or such like.”
Two-thirds (65 per cent) of business leaders are worried about cyber risks, up from 61 per cent last year, according to a previous report.
Kaleidoscope downloads are being offered on third-party app stores “that don't have the same compliance requirements as the Play Store,” says Anscombe, and are even available on social media sites.
Mobile device management system
To protect the company from Kaleidoscope and other cybersecurity threats, employers must have some form of mobile device management (MDM) system, says Anscombe.
Such a system should allow you to segment business and personal apps.
“In the situation where you might be using your own phone and getting your work email—which is a very common scenario—the apps and the data related to the company, in effect, should be segmented on the device and controlled by the company and deletable by the company regardless of the device.
“So whether you leave the company, whether your device becomes compromised, it's stolen or whatever, the company should be in control of its own data on that device and that'll be done through an MDM-type solution.”
He also says that employers should have policies within the company around mobile devices, “just like you would internally for devices like laptops”.
The policies should cover minimum security protocols, including changing PINs, and other ways to ensure the security of corporate data.
“The device should have strong authentication if it's connecting to a company network. The device itself should be encrypted,” Anscombe says.
With the release of Canada’s updated National Cyber Security Strategy in January, experts have an urgent message for employers: start planning to hire cybersecurity professionals now, according to a previous report.
Worker habits around cybersecurity
Anscombe also emphasises the importance of providing necessary, up-to-date cybersecurity training to workers. The goal: You need employees to have an “attitude of verification,” says Anscombe.
This means that they would “always have a second pass, a second thought” about the action they’re going to take, he says: “That's not an easy thing to teach an employee.”
For ESET’s chief security evangelist, this comes naturally.
“If I get an email in my inbox, I naturally hover over the link to see whether the link's real. It's now second nature. It's like muscle memory.
“Those are the types of things you need to teach employees.”