Fake WhatsApp app found on Google Play Store was downloaded 1M+ times

Fake WhatsApp app tricks over a million of users into downloading it

Fake apps on Google Play Store is a commonplace today, and the official Android app store proved it once again. This time, the store failed to identify a malicious and fake WhatsApp application^[1] which was downloaded by unsuspecting users over a million of times.

The Google didn’t recognize the WhatsApp viru^[2] s even if it was a clear impersonator of the real WhatsApp program which is owned by WhatsApp Inc., a Facebook-owned app developer.

The issue was spotted by Reddit users on Friday, November 3rd.^[3]

It turns out that the bogus version of the app was called “Update WhatsApp Messenger” and it appears that creators of it chose a smart trick to deceive inexperienced app users into downloading it. The app was listed as a product of WhatsApp Inc., which is known to be the real developer of the favorite app.

However, scammers used an additional Unicode^[4] character at the end of the developer’s name – %C2%A0. This character appears as an invisible space at the end of the developer’s name, tricking victims into thinking that the developer is the actual WhatsApp, Inc.

The majority of victimized users installed the app thinking that it was a necessary upgrade for the real app they already had on their devices. Fake app updates are frequently used in cyber attacks and the most recent example was Bad Rabbit ransomware which was being pushed in a form of a fake Flash Player Update.^[5]

The app was used to serve highly bothersome ads

The sneaky application appeared to be an adware-like application with minimal permissions. It uses Internet access to load advertisements for the victim. The majority of the ads urge the victim to install various third-party applications on the already-compromised device.

Once installed, this version of Android virus attempts to conceal itself and prevent removal. The icon of the malicious app displays no title and has a transparent icon, making it invisible on the Settings – Apps screen.

A little later, the developer of the malicious WhatsApp version changed app’s name to “Dual Whatsweb Update” and changed the bogus developer’s name as well. However, over a million was already infected with this application when Google finally decided to remove it from the Google Play Store.

Google’s spokesperson confirmed that the app was removed on Friday:

I can confirm that the app was removed from Google Play and the developer account was suspended for violating our program policies.

Avoid falling victim to malware on Google Play Store

While Google Play Store and its security measures are far from trustworthy, here are some tips you can follow to avoid installing fake app versions or malware on your device.

1. Search for information about the application you are willing to install. Specifically, look up its developer and see user feedback online.
2. Consider installing apps from developers ranked as “Top Developer” or “Editor’s Choice” only.
3. Check user’ ratings and read their comments about the app. If the app displays loads of advertisements or annoys the users in a different way – we are sure that you will find a lot of reviews pointing these issues out.
4. Inspect app’s permissions with caution. Do not install apps that require permission to access your call logs, media files or chat logs if these do not comply with app’s functionality.
5. Consider installing a security app for Android. There are a lot of anti-spyware or anti-malware programs available today that are compatible with Android devices.