
Did you download this fake ad-infected WhatsApp from the Google Play Store?

fake WhatsApp
Google/The Hacker News
Last week, an official-looking version of the popular WhatsApp messaging application for Android appeared on the Google Play Store, and more than one million users were tricked into downloading the fake app. The “Update WhatsApp Messenger” download page even appeared to come from the actual creators, as it included the real developer’s title “WhatsApp Inc.” How could something malicious have fooled so many users?

It turns out the cybercriminal used some Unicode trickery to make it appear authentic. As you can see in the app details captured in the screenshots above from The Hacker News, the scam artist added an invisible character space in the actual company name: “WhatsApp+Inc%C2%A0.”
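The `%C2%A0` in that string is the URL-encoded UTF-8 form of U+00A0, the no-break space. The following check is an added example, not code from the article or from Google: it flags a publisher name that matches a known one only after invisible and whitespace characters are stripped. The allowlist and function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import unquote_plus

# Assumed allowlist of genuine publisher names (constructed for this example).
KNOWN_PUBLISHERS = {"WhatsApp Inc."}

# The developer string exactly as quoted in the article (URL-encoded form).
PAGE_SAMPLE = "WhatsApp+Inc%C2%A0."


def is_hidden(ch):
    """True for format/control characters and every kind of Unicode space."""
    cat = unicodedata.category(ch)
    return cat in ("Cf", "Cc") or cat.startswith("Z")


def skeleton(name):
    """Comparison key: NFKC-normalize, drop hidden characters, casefold.

    This catches padding with invisible characters; it does not map
    look-alike letters from other scripts to their Latin counterparts.
    """
    name = unicodedata.normalize("NFKC", name)
    return "".join(ch for ch in name if not is_hidden(ch)).casefold()


def suspicious_chars(name):
    """Report hidden characters other than the plain ASCII space."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED"))
        for i, ch in enumerate(name)
        if ch != " " and is_hidden(ch)
    ]


def classify(display_name):
    """Return 'exact', 'lookalike' or 'unrelated' for a publisher name."""
    if display_name in KNOWN_PUBLISHERS:
        return "exact"
    if skeleton(display_name) in {skeleton(k) for k in KNOWN_PUBLISHERS}:
        return "lookalike"  # same visible text, different code points
    return "unrelated"


if __name__ == "__main__":
    decoded = unquote_plus(PAGE_SAMPLE)
    print(classify(decoded), suspicious_chars(decoded))
```

A name classified as `lookalike` renders the same as the genuine publisher but is a different string, which is the condition a store listing review or an enterprise app allowlist should reject.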

Although it looks very much like the real thing, the rogue software, once installed, runs the real Android WhatsApp client with advertising plastered around it.

A Redditor named DexterGenius first spotted the discrepancy and decompiled the download code to find out what it really did. “The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk,’” DexterGenius wrote. “The app also tries to hide itself by not having a title and having a blank icon.”

The scam app has now been removed from the official Google Play Store, but it’s curious how it ended up there in the first place, as it would lead users to think they’re downloading a legitimate app directly from a Facebook-owned property.

Google has recently been making efforts to remove “zombie apps” from its Play Store, and has even deployed AI algorithms to detect potential infections with its Play Protect system. Still, the ongoing presence of malware and adware on the service remains a real concern.

When asked for comment on the fake WhatsApp download, Google told The Register it was “looking into the matter.”

Even when downloading or updating from a trusted source such as the Google Play Store, it pays to be vigilant. Malware on mobile devices has seen a sharp increase lately, and Google may soon be introducing a “panic button” feature that can get you out of a jam if you inadvertently download the wrong thing.

Mark Austin
Former Digital Trends Contributor
Mark’s first encounter with high-tech was a TRS-80. He spent 20 years working for Nintendo and Xbox as a writer and…