Did you download this fake ad-infected WhatsApp from the Google Play Store?

By Mark Austin November 5, 2017

fake WhatsApp — Google/The Hacker News

Last week, an official-looking version of the popular WhatsApp messaging application for Android appeared on the Google Play Store, and more than one million users were tricked into downloading the fake app. The “Update WhatsApp Messenger” download page even appeared to come from the actual creators, as it included the real developer’s title “WhatsApp Inc.” How could something malicious have fooled so many users?

It turns out the cybercriminal used some Unicode trickery to make it appear authentic. As you can see in the app details captured in the screenshots above from The Hacker News, the scam artist added an invisible character space in the actual company name: “WhatsApp+Inc%C2%A0.”

Recommended Videos

Although it looks very much like the real thing, installing the rogue software will run the real Android WhatsApp client, but with advertising plastered around it.

A Redditor named DexterGenius first spotted the discrepancy and decompiled the download code to find out what it really did. “The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.,’ DexterGenius wrote. “The app also tries to hide itself by not having a title and having a blank icon.”

The scam app has now been removed from the official Google Play Store, but it’s curious how it ended up there in the first place, as it would lead users to think they’re downloading a legitimate app directly from a Facebook-owned property.

Google has recently been making efforts to remove “zombie apps” from its Play Store, and has even deployed AI algorithms to detect potential infections with its Play Protect system. Still, the ongoing presence of malware and adware on the service remains a real concern.

When asked for comment on the fake WhatsApp download, Google told The Register it was “looking into the matter.”

Even when downloading or updating from a trusted source such as the Google Play Store, it pays to be vigilant. Malware on mobile devices has seen a sharp increase lately, and Google may soon be introducing a “panic button” feature than can get you out of a jam if you inadvertently download the wrong thing.

Topics

Former Digital Trends Contributor

Mark’s first encounter with high-tech was a TRS-80. He spent 20 years working for Nintendo and Xbox as a writer and…

Mobile

Google’s Android monopoly finds its biggest challenge, and Apple might be next

Apps screen on the Google Pixel 7.

The Competition Commission of India slapped Google with two hefty fines over anti-competitive strategies that have allowed it to dominate the mobile ecosystem in India. Totaling over $250 million, the penalties reprimand Google for forcing smartphone makers to avoid Android forks, prefer Google’s web search service, and pre-install popular cash cows like YouTube on phones.

Google was also disciplined for forcing its own billing system on developers that allowed the giant to take up to a 30% share of all in-app purchases for applications listed on the app store. Google is not really a stranger to titanic penalties; The EU handed Google a record-breaking fine of approximately $5 billion in 2018 for abusing its dominant market position — a penalty that was upheld in September this year following Google’s appeal.

Mobile

Google wants you to know Android apps aren’t just for phones anymore

Person holding Samsung Galaxy smartphone showing Google Play Store.

When most people think of the Google Play Store, the first thing that comes to mind is smartphones. However, the spread of the Android ecosystem is far broader than that, and Google is taking steps to increase awareness of this and make it easier for folks to find apps on the Play Store for their smart TVs, watches, and even cars.

In a blog post today, the Google Play team announced three significant changes that should make it easier for Android fans to discover apps for all their devices, right from their phone. This includes recommendations of apps for non-phone devices, a search filter to focus on only games optimized for non-phone devices, and even a remote install feature that will let you deliver those apps to your Android TV, Wear OS watch, or Android Automotive-equipped car.

Mobile

WhatsApp is copying two of Zoom’s best video-calling features

Call Links by WhatsApp

WhatsApp is taking a couple of pages out of Zoom's playbook. The Meta-owned company is rolling out the Call Links feature, making it easier for people to join audio and video calls with just one tap on the phone screen.

Mark Zuckerberg announced the new feature in a Facebook post on Monday morning. Starting this week, WhatsApp users will be able to tap the Call Links option within the Calls tab and create a link for audio or video calls to send to their friends and family, who will then tap on the link and join the call from there.