Security

Over a million Android users fooled by fake WhatsApp app in official Google Play Store

Rap for whack WhatsApp chat app chaps in ad crap flap

By Iain Thomson in San Francisco

56 SHARE

Once again Google's Play Store has proved less than excellent at tackling malicious apps, after netizens found a fake version of WhatsApp that was good enough to fool over a million people into downloading it.

The rogue program was spotted by Redditors earlier today, and the software looks very much like the real deal. However, when opened, it appears to download and run the real WhatsApp Android client albeit with adverts wrapped around it, making a fast buck for whichever miscreant produced this dodgy imitation.

Fake on the left, legit on the right

"I've also installed the app and decompiled it," reported DexterGenius.

"The app itself has minimal permissions (internet access) but it's basically an ad-loaded wrapper which has some code to download a second apk, also called 'whatsapp.apk.' The app also tries to hide itself by not having a title and having a blank icon."

The fake app, now removed from the official Play Store, appeared to be developed by WhatsApp Inc, the legit Facebook-owned maker of the messaging client. However, thanks to some Unicode trickery, a hidden space at end allowed this dodgy version to masquerade as a product of WhatsApp Inc, albeit with two bytes, 0xC2 0xA0, at the end forming an invisible space. In other words, it appeared to be a legit app from a real developer, but really it wasn't.

Despite clearly being a counterfeit build of a highly popular application, Google's software guardians failed to spot the scam; the program had over a million downloads.

Google told The Register it is looking into the matter, and it's likely the writer of the fake version is going to be banned. The Chocolate Factory has been touting the benefits of machine intelligence in tracking down miscreants lurking in its store. Maybe some more human intelligence is needed, too. ®

Sign up to our NewsletterGet IT in your inbox daily

56 Comments

More from The Register

Reddit locks out users with poor password hygiene after spotting 'unusual activity'

Forum admin blames recycled credentials for 'security concern'

Cryptocurrency-crafting creeps crept crafty code into Google App Store

Chocolate Factory's anti-malware protections fail yet again

SMS 2FA gave us sweet FA security, says Reddit: Hackers stole database backup of user account info, posts, messages

Email addresses, hashed passwords, and other details from mid-2000s era swiped

Nvidia just can't grab a break. Revenues up, profit nearly doubles... and stock down 20%

Ongoing Bitcoin woes left the channel holding all the cards, and that's not a good thing

Thanksgiving brings together Apple's Siri and Google Assistant

A divided tech nation embraces, uncomfortably

Hackers latch onto new Apache Struts megavuln to mine cryptocurrency

Underground forums alight with Struts chat, we hear

Reddit 'fesses up to just a little Russian reaming

CEO says propaganda's a worry, but the deeper problem is Americans' credulity

Another banking trojan is trying to loot your cryptocurrency wallets

Trickbot variant adds Coinbase exchange to monitored sites

Nvidia shrugs off crypto-mining crash, touts live ray-tracing GPUs, etc

Roundup Also, how Apple's Siri uses your location to improve its speech recognition

While Zuck squirmed, Reddit revealed it found and killed 944 Russian troll factory accounts

Posts hit hyper-partisan r/the_donald, CEO says most crimped before 2016 election