Over a million people have been tricked into downloading a fake version of WhatsApp. The app, called “Update WhatsApp Messenger”, was disguised to look just like the original version. However, all it actually did was bombarded users with ads and try to get them to install another dodgy program.
Apart from having a slightly different name to the actual version of WhatsApp – which is listed as "WhatsApp Messenger" in the Google Play store – Update WhatsApp Messenger looked very convincing.
The dodgy update was noted by the Reddit user who spotted it, it used the official WhatsApp logo and had a high user rating of 4.2 stars. It even appeared to have been developed by WhatsApp Inc.
According to Hacker News, the people behind the fake app managed to pull off the trick by adding an invisible Unicode character space to the end of the name, which in computer code reads: “WhatsApp+Inc%C2%A0”.
The app has now been taken down from the Google Play Store, but dexterginius, a Reddit user who downloaded it while it was still available has described what it did.
“The app itself has minimal permissions (internet access) but it's basically an ad-loaded wrapper which has some code to download a second APK, also called ‘whatsapp.apk’,” he said.
“The app also tries to hide itself by not having a title and having a blank icon.”
The fact that over a million people managed to download it before it was taken down is a cause for concern. Google is supposed to protect Android users by blocking fake a malicious apps from the Play Store, clearly, the company's security system needs an update.