A mobile app pretending to be WhatsApp was downloaded more than 1 million times from the official Google Play online shop before Google removed it. The fraudulent developer managed identify themselves as ‘WhatsApp Inc.’ on Google Play, bypassing the company’s filters.
Keen-eyed users of Reddit, the US-based social and web discussion forum spotted that the “Update WhatsApp Messenger”, available for download in the Google Play store, wasn’t all that it seemed to be. The incident is the latest in which suspect software has made it through the automated filters Google uses to approve items for its Android repository and is one of the more successful examples.
Concealment of the Fake Whatsapp
The app was called “Update WhatsApp Messenger”, and users on Reddit noted that its developer made their identity appear on Google Play as “WhatsApp Inc.”, identical to that of the real program. The fraudulent developer added a special character known as a Unicode space at the end of their identifier.
Something invisible to the naked eye, said users commenting on social media. According to tech commentators who have installed and decompiled the app, it is an ad-loaded wrapper (with minimal Internet access / permissions) which contains some code to download a second apk, also called “whatsapp.apk”.
The fake app hides itself by not having a title and having a blank icon. The result for those who have downloaded and tried to use the app is that they receive spam adverts, and are unable to detect and delete the app.
It also tried to conceal itself by having a blank icon and an empty app name, said the user, writing under the handle “dextersgenius”. Security firm ESET found that malware earlier this year in 87 apps on Google Play that had a combined total of nearly 1 million downloads.