1. Social Media

Did you download this fake ad-infected WhatsApp from the Google Play Store?

Mark Austin
By

fake WhatsApp
Google/The Hacker News
Last week, an official-looking version of the popular WhatsApp messaging application for Android appeared on the Google Play Store, and more than one million users were tricked into downloading the fake app. The “Update WhatsApp Messenger” download page even appeared to come from the actual creators, as it included the real developer’s title “WhatsApp Inc.” How could something malicious have fooled so many users?

It turns out the cybercriminal used some Unicode trickery to make it appear authentic. As you can see in the app details captured in the screenshots above from The Hacker News, the scam artist added an invisible character space in the actual company name: “WhatsApp+Inc%C2%A0.”

Although it looks very much like the real thing, installing the rogue software will run the real Android WhatsApp client, but with advertising plastered around it.

A Redditor named DexterGenius first spotted the discrepancy and decompiled the download code to find out what it really did. “The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.,’ DexterGenius wrote. “The app also tries to hide itself by not having a title and having a blank icon.”

The scam app has now been removed from the official Google Play Store, but it’s curious how it ended up there in the first place, as it would lead users to think they’re downloading a legitimate app directly from a Facebook-owned property.

Google has recently been making efforts to remove “zombie apps” from its Play Store, and has even deployed AI algorithms to detect potential infections with its Play Protect system. Still, the ongoing presence of malware and adware on the service remains a real concern.

When asked for comment on the fake WhatsApp download, Google told The Register it was “looking into the matter.”

Even when downloading or updating from a trusted source such as the Google Play Store, it pays to be vigilant. Malware on mobile devices has seen a sharp increase lately, and Google may soon be introducing a “panic button” feature than can get you out of a jam if you inadvertently download the wrong thing.

Editors' Recommendations

Apple iOS 15: News, features, and everything you need to know

Apple's Craig Federighi standing in front of the iOS 15 logo.

Apple paid a student $100,000 for successfully hacking a Mac

how to change folder icon mac macbook icons pixabay

Apple’s iOS 15.3 update fixes critical Safari security bug

iPhone showing Home Screen with widgets resting on soft white cloth background.

Messenger’s encrypted chats pick up user-friendly features

facebook privacy mark zuckerberg

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Unionization at Activision: Everything you need to know

Operator using the OTs SMG in Warzone.

Elden Ring will have multiple endings and new game plus mode

elden-ring-release-date-trailer-gameplay-story-news

Best gaming deals for February 2022

father and son playing video games

Samsung and Apple dominated the smartphone market in 2021

Samsung Galaxy S10 Plus vs. iPhone XS Max

Dell is having a crazy sale on high-end gaming monitors

Alienware AW2521HFL 25-inch gaming monitor in white.

Nvidia’s enigmatic GA103 GPU finally spotted in the wild

The first appearance of Nvidia's GA103 GPU from a RTX 3080 Ti laptop.

The best racing games for Xbox Series X

best xbox one x games forza horizon 4 review 12

Grab a Dell G15 gaming laptop for only $600 — over $400 off!

best 15 inch laptops dell xps 2020 02 768x6400