A million Android users fooled by fake WhatsApp app in official Google Play Store
Once again, Google’s Play Store has proven less than competent at catching malicious apps after netizens discovered a fake version of WhatsApp that was good enough to fool over one million people into downloading it.
The rogue program was found by Redditors earlier today, and some of the software seems pretty much like the real deal. Still, if installed, it seems to download and run the real WhatsApp Android client, albeit with adverts wrapped around it, making a fast buck for whichever miscreant produced this dodgy imitation.
Thanks to report this.
Please followers, DON’T DOWNLOAD THIS APP! IT’S FAKE!
WhatsApp Business IS NOT OFFICIALLY AVAILABLE YET FOR ALL.
— WABetaInfo (@WABetaInfo) October 31, 2017
“Yesterday I also installed the app and decompiled it,” reported DexterGenius.
“The app itself has minimum permissions (internet access) but it’s essentially an ad-loaded cover which holds some code to download another app, also called ‘whatsapp.apk.’ This app also tries to hide by not having a title and having a blank icon.”
The fake app, now removed from the official Play Store, appeared to be developed by WhatsApp Inc, the legit Facebook-owned maker of the messaging client. Still, thanks to some Unicode trickery, a hidden space at the end allowed this dodgy version to masquerade as a product of WhatsApp Inc, albeit with two bytes, 0xC2 0xA0, at the end producing an invisible space. In other words, it appeared to be a legit app from a real developer, but really it wasn’t.
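A check for the trailing 0xC2 0xA0 trick described above, written as an added example (it is not code from the article or from Google Play). The allowlist, function names and sample inputs are assumptions made for illustration, and the check goes slightly beyond the article's case by also catching zero-width characters.

```python
import unicodedata

# Assumed allowlist for this example; a real review pipeline would load its own.
TRUSTED_PUBLISHERS = {"WhatsApp Inc"}

# Unicode categories that render as blank or as nothing at all.
SPACE_CATS = ("Zs", "Zl", "Zp")
HIDDEN_CATS = ("Cf", "Cc")


def suspicious_chars(name):
    """List (index, code point, Unicode name) of blank-looking characters
    other than the ordinary ASCII space."""
    hits = []
    for i, ch in enumerate(name):
        if ch != " " and unicodedata.category(ch) in SPACE_CATS + HIDDEN_CATS:
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return hits


def skeleton(name):
    """Reduce a display name to the form a human reader perceives."""
    # NFKC folds compatibility characters, e.g. NO-BREAK SPACE becomes a space.
    folded = unicodedata.normalize("NFKC", name)
    # Drop format/control characters such as ZERO WIDTH SPACE.
    folded = "".join(c for c in folded if unicodedata.category(c) not in HIDDEN_CATS)
    # Collapse and trim whitespace, then compare case-insensitively.
    return " ".join(folded.split()).casefold()


def classify(raw_name):
    """Classify a UTF-8 encoded publisher name against the allowlist."""
    name = raw_name.decode("utf-8")
    if name in TRUSTED_PUBLISHERS:
        return "exact"
    if skeleton(name) in {skeleton(t) for t in TRUSTED_PUBLISHERS}:
        # Looks identical on screen but is a different string: flag for review.
        return "impersonation"
    return "unrelated"


if __name__ == "__main__":
    # Constructed samples: the second ends with the bytes 0xC2 0xA0.
    for sample in (b"WhatsApp Inc", b"WhatsApp Inc\xc2\xa0", b"Example Dev"):
        text = sample.decode("utf-8")
        print(repr(text), classify(sample), suspicious_chars(text))
```
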