1. Social Media

Did you download this fake ad-infected WhatsApp from the Google Play Store?

By

fake WhatsApp
Google/The Hacker News
Last week, an official-looking version of the popular WhatsApp messaging application for Android appeared on the Google Play Store, and more than one million users were tricked into downloading the fake app. The “Update WhatsApp Messenger” download page even appeared to come from the actual creators, as it included the real developer’s title “WhatsApp Inc.” How could something malicious have fooled so many users?

Trending in Mobile:

It turns out the cybercriminal used some Unicode trickery to make it appear authentic. As you can see in the app details captured in the screenshots above from The Hacker News, the scam artist added an invisible character space in the actual company name: “WhatsApp+Inc%C2%A0.”

Although it looks very much like the real thing, installing the rogue software will run the real Android WhatsApp client, but with advertising plastered around it.

A Redditor named DexterGenius first spotted the discrepancy and decompiled the download code to find out what it really did. “The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.,’ DexterGenius wrote. “The app also tries to hide itself by not having a title and having a blank icon.”

The scam app has now been removed from the official Google Play Store, but it’s curious how it ended up there in the first place, as it would lead users to think they’re downloading a legitimate app directly from a Facebook-owned property.

Google has recently been making efforts to remove “zombie apps” from its Play Store, and has even deployed AI algorithms to detect potential infections with its Play Protect system. Still, the ongoing presence of malware and adware on the service remains a real concern.

When asked for comment on the fake WhatsApp download, Google told The Register it was “looking into the matter.”

Even when downloading or updating from a trusted source such as the Google Play Store, it pays to be vigilant. Malware on mobile devices has seen a sharp increase lately, and Google may soon be introducing a “panic button” feature than can get you out of a jam if you inadvertently download the wrong thing.

Editors' Recommendations

Android vs. iOS: Which smartphone platform is the best?

android vs ios v cameras feat

How to root Android phones and tablets (and unroot them)

galaxy s9 Plus hands-on review front full

How to check your phone for viruses

facebook reportedly has a clubhouse clone in its sights woman using phone

The best dating apps for 2021

Tinder Dating App

Snapchat’s new TikTok-like feature will share $1M among the best creators

snapchats new tiktok feature to share 1m among top creators snapchat spotlight

Cheap coffee machine: Keurig K-Mini down to $60 at Amazon for Black Friday

amazon slices prices on keurig k cup coffee makers for labor day mini single serve maker black 1

Why Instagram’s dreaded Shopping tab is a big win for small businesses

instagram shopping icon

YouTube will prompt you to reword potentially offensive comments

best android q features youtube mobile

TikTok isn’t going anywhere, despite deadline for sale passing

tiktok logo

Practically every major social app has a Stories function now. This is why

instagram launches location stories to more users 1

Twitter tests Spaces, an audio-only chatroom

google search can now teach you how to pronounce tricky words speaker phone

2020 forced Big Social to address its flaws, but it’s too late for an easy fix

Trump Twitter

What is Section 230? Inside the legislation protecting social media

social media on phone