Google communicates frequently about its initiatives to secure its Play Store, as all Android mobile apps undergo rigorous security testing before appearing in the store. Google Play Protect also works continuously to keep your device, data and apps safe by scanning your Android device around the clock to detect malicious mobile apps. However, this mobile application market is a known favorite of cybercriminals. Malicious developers still manage to slip through the cracks and bypass the safeguards put in place by the publisher to offer malicious or misleading applications. Most recently, a fake WhatsApp app managed to garner no fewer than a million downloads before being spotted by Reddit users.
Fake WhatsApp on Google Play Store
Despite Google’s efforts to secure the Android operating system’s application marketplace, malicious developers routinely bypass publisher protections and mislead users with fake apps.
This is notably the case of an application discovered at the end of last week by several users of the subreddit r/Android. The popular WhatsApp application had a fake version that fooled more than a million users. It pretended to be WhatsApp by copying the iconography of the official application, and the name of the studio was imitated by manipulating Unicode characters to add an invisible space to the end of the name. The only difference from the official version was in the name: the fake WhatsApp was called ‘Update WhatsApp Messenger’, and it successfully deceived millions of users into downloading it before being removed from the Play Store.
The fake WhatsApp Messenger appeared to be developed by WhatsApp Inc., as the mobile app in question had all the trappings of the official application. It presented itself as an update to Facebook's instant messaging service. In reality, the fake WhatsApp contained adware. Once connected to the Internet, it displayed advertising in pop-up windows to earn money for its creators, and it also contained code for installing another malicious program.
The creators of the fraudulent mobile application took advantage of a flaw in the Google Play Store. They inserted an invisible space at the end of the app’s name to pose as the official publisher, WhatsApp Inc. In fact, the counterfeiting publisher’s name was “WhatsApp + Inc% C% AO”. This was enough to fool Google’s algorithms that control applications submitted for validation on the Play Store. Google eventually manually removed the malicious application from the Play Store platform.
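A store-side check for the trick described above, written as an added example (it is not code from Google, WhatsApp or the original article): it reports hidden characters in a submitted publisher name and compares a normalized form of the name against a protected list. The allow-list, the account ids and the choice of U+00A0 and U+200B as the invisible characters in the samples are assumptions made for illustration.

```python
import unicodedata

# Constructed allow-list: protected publisher name -> verified account id (hypothetical values).
PROTECTED = {"WhatsApp Inc.": "dev-0001"}

def hidden_chars(name):
    """List (index, code point, Unicode name) of characters that render as nothing or as blank."""
    found = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        # Cf/Cc: zero-width and control characters; Zl/Zp: line/paragraph separators;
        # Zs: space separators, of which only the plain U+0020 space is expected in a name.
        if cat in ("Cf", "Cc", "Zl", "Zp") or (cat == "Zs" and ch != " "):
            found.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return found

def skeleton(name):
    """Comparison key: NFKC-fold, drop invisible characters, collapse whitespace, casefold."""
    s = unicodedata.normalize("NFKC", name)
    s = "".join(c for c in s if unicodedata.category(c) not in ("Cf", "Cc"))
    return " ".join(s.split()).casefold()

def review_publisher(name, account_id):
    """Return (verdict, reasons) for a publisher display name submitted by account_id."""
    reasons = [f"{cp} {uname} at index {i}" for i, cp, uname in hidden_chars(name)]
    if name != name.strip():
        reasons.append("leading or trailing whitespace")
    for official, owner in PROTECTED.items():
        if skeleton(name) == skeleton(official) and account_id != owner:
            reasons.append(f"matches protected publisher {official!r} from another account")
            return "reject", reasons
    return ("flag" if reasons else "ok"), reasons

if __name__ == "__main__":
    # Constructed submissions: (display name, submitting account id).
    samples = [
        ("WhatsApp Inc.", "dev-0001"),         # the verified publisher
        ("WhatsApp Inc.\u00a0", "dev-9999"),   # trailing no-break space
        ("WhatsApp Inc.\u200b", "dev-9999"),   # trailing zero-width space
        ("Example Studio", "dev-9999"),        # unrelated publisher
    ]
    for name, account in samples:
        print(repr(name), account, *review_publisher(name, account))
```

Comparing the normalized key rather than the raw string is what catches the padded name: a byte-for-byte uniqueness check treats the padded and unpadded names as two different publishers.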
For users who downloaded the offending application, the functionality was not fundamentally different, since the counterfeit application actually downloaded and installed a WhatsApp client on the user’s device.
Play Store distributing fake apps and Android malware
A user who has downloaded Minecraft mods from the Play Store may have encountered one of 87 malicious apps. It is easy to recognize this type of scam: the application does not work. As reported by ESET earlier this year, the fake apps display the usual download button but redirect the victim to ads and scam websites instead. These fake apps managed to avoid detection by Google’s system by not showing any activity for the first six hours. The more serious danger here is that the malicious mobile apps can download additional applications to infected devices, and the payload responsible for the ads can later be replaced by more dangerous malware.