More than a million people are believed to have downloaded a malicious, fake version of Facebook Inc.’s WhatsApp messaging app from the Google Play store.
First spotted by users on Reddit Friday, the app, dubbed “Update WhatsApp Messenger” was listed as coming from “WhatsApp Inc.,” the official name of the Facebook-owned company. How the fake app was listed with the same name as the official company was explained by Hacker News, which found that those behind that app inserted a Unicode character space after the actual WhatsApp Inc. name that would not be visible to Google Play users.
The malicious app did provide some basic messaging functionality but primarily acted as a way to trick users into clicking third-party ads and downloading malicious software. As one Reddit user explained: “I’ve also installed the app and decompiled it … the app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.’ The app also tries to hide by not having a title and having a blank icon.”
The app has since been removed from Google Play, but the fact it was listed long enough to have more than a million people download it once again raises questions about Google’s efforts to stop fake and malicious apps from getting listed. Seemingly once a month, an outbreak of fake apps is discovered on Google Play, including recent examples such as the discovery of fake cryptocurrency trading apps in October and an outbreak described as massive in September.
The risk of users downloading fake WhatsApp apps also remains. As of Sunday evening, a search in Google Play for WhatsApp (pictured) returns the official app in first position, but a fake app, going by the name of “Freе WhatsApp Messenger Update – Tips” from a developer listed as “WhatsApp Inc./” (including that forward slash at the end), sits in third position. A scroll further down the page also found numerous other examples of what appear to be fake WhatsApp apps.