Fake WhatsApp On Google Play Store
Downloaded By Over 1 Million Android Users
Cybercriminals are known to take advantage
of everything that's popular among people in
order to spread malware, and Google's official
Play Store has always proved to be an
excellent place for hackers to get their job
done.
On November 9 some users spotted a fake version of
the most popular WhatsApp messaging app for
Android on the official Google Play Store that
has already tricked more than one million
users into downloading it.
Dubbed Update WhatsApp Messenger, the app came
from an app developer who pretended to be
the actual WhatsApp service with the
developer title "WhatsApp Inc."—the same title
the actual WhatsApp messenger uses on
Google Play.
You might be wondering how the sneaky app
developer was able to use the same title as the
legitimate Facebook-owned maker of the
messaging client—thanks to a Unicode
character space.
The app maker added a Unicode character
space after the actual WhatsApp Inc. name,
which in computer code reads
WhatsApp+Inc%C2%A0.
However, this hidden character space at the
end of the WhatsApp Inc. name would be
invisible to an average Android user browsing
Google Play Store, allowing this dodgy version
of the app to masquerade as a product of
WhatsApp Inc.
In other words, the titles used by the fake app
maker and real WhatsApp service are
different but appeared the same to a user.
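
An added example, not part of the original article or any Google tooling: a Python check that a store reviewer or monitoring job could run against publisher names to catch this trick. It decodes the URL-encoded name quoted above (%C2%A0 is the UTF-8 encoding of U+00A0, NO-BREAK SPACE) and generalizes to other invisible characters such as zero-width spaces; the allowlist and function names are assumptions made for the example.

```python
import unicodedata
from urllib.parse import unquote_plus

# Assumed allowlist of verified publisher names (constructed for this example).
TRUSTED_PUBLISHERS = ["WhatsApp Inc.", "Google LLC"]

def hidden_chars(name):
    """List (index, code point) for characters a reader cannot see or tell apart."""
    found = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        # Zs = space separators other than plain ASCII space (e.g. U+00A0),
        # Cf = format characters (zero-width), Cc = control characters.
        if (cat == "Zs" and ch != " ") or cat in ("Cf", "Cc"):
            found.append((i, f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"))
    return found

def skeleton(name):
    """Reduce a name to the letters and digits a reader actually perceives."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if unicodedata.category(ch)[0] in ("L", "N"))

def check_publisher(raw, trusted=TRUSTED_PUBLISHERS):
    """Classify a URL-encoded publisher name as 'trusted', 'spoof' or 'unknown'."""
    name = unquote_plus(raw)
    if name in trusted:
        return "trusted", name, []
    for good in trusted:
        # Same visible letters but not byte-identical: looks like the real name.
        if skeleton(name) == skeleton(good):
            return "spoof", good, hidden_chars(name)
    return "unknown", None, hidden_chars(name)

if __name__ == "__main__":
    # First value is the encoded name quoted in the article; the rest are constructed.
    for sample in ["WhatsApp+Inc%C2%A0", "WhatsApp+Inc.", "Whats%E2%80%8BApp+Inc."]:
        print(sample, "->", check_publisher(sample))
```

This comparison does not cover look-alike letters from other scripts, which need a separate confusables mapping.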
According to Redditors, who first spotted this
fake app on Friday, the app was not a chat
app; instead, it served Android users with
advertisements to download other apps.
"I've also installed the app and decompiled it,"
one Redditor said. "The app itself has minimal
permissions (internet access) but it's basically
an ad-loaded wrapper which has some code to
download a second apk, also called
'whatsapp.apk.' The app also tries to hide by
not having a title and having a blank icon."
Google has now removed the fake WhatsApp
Android app from its official Play Store, but
this incident once again marked the tech
giant's failure to spot the scam on its app
platform—even for the program that had more
than a million downloads.
It is an unfortunate truth that even after so
many efforts by Google (including its recently
launched Bug Bounty Program), malicious
apps somehow continue to fool
its Play Store's security mechanism and infect
millions of Android users.
Google Play Store is still surrounded by
hundreds of other fake and malicious apps
that trick users into downloading and
installing them and potentially infect their
smartphones to carry out malicious activities
without their knowledge.
So, users are advised to be more vigilant
while downloading apps not only from
third-party app stores but also from the official
Play Store in order to protect themselves.