According to reports, over one million users were tricked into downloading a fake version of WhatsApp from the Google Play Store last week. Luckily, it was identified and removed.
The Internet is becoming more and more dangerous day by day. If hacking or phishing weren’t enough, malware and adware are always lurking just around the corner. And now, fake apps. Last week, a fake, malicious, adware-riddled version of WhatsApp appeared on the Google Play Store. And it was downloaded by *only* around one million users. What’s wrong with people? Can’t they tell what’s real and what’s fake? Not so fast. The app looked totally legit. Even its download page looked perfectly authentic, showing the developer as “WhatsApp Inc.” How is this even possible?
Well, with some clever use of Unicode, the creators were able to doctor the name of the developer. A screenshot from The Hacker News showed how that was done – by writing “WhatsApp+Inc%C2%A0.” Simple.
Also, the downloaded app was pretty much the real thing, just will ads wrapped around it. It is only until a Redditor – DexterGenius – noticed something wrong and decompiled the app’s code. As he explained, “The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.”
We’re thankful that this is matter has been settled, but surely, Google should be making more of an effort to remove “zombie apps” from the Play Store? It has, but it seems that cybercriminals are always one step ahead. Stay safe out there, people!
[box]Read next: What Is KRACK And Why You Should Or Shouldn’t Be Worried[/box]