Google communicates frequently about its initiatives to secure its Play Store as all Android mobile apps undergo rigorous security testing before appearing in the store. And Google Play Protect continuously works to keep your device, data and apps safe by actively scanning your android device around the clock to detect malicious mobile apps. However, this mobile application market is a known favorite for cybercriminals. Malicious developers still manage to slip through the cracks and bypass the safeguards put in place by the publisher to propose malicious or misleading applications. Most recently, a fake WhatsApp app has managed to garner not less than a million downloads before being spotted by Reddit users.
Fake WhatsApp on Google Play Store
Despite Google’s efforts to secure the Android operating system’s application marketplace, malicious developers routinely bypass publisher protections and mislead users with fake apps.
This is notably the case of an application discovered at the end of last week by several users of the subreddit r / Android. The popular WhatsApp application had a fake version that fooled more than a million users. It pretended to be WhatsApp by taking over the iconography of the official application, and the name of the studio was imitated by manipulating Unicode characters to add an invisible space to the end of the name. The only difference with the official version was in the name, the fake Whatsapp was called ‘Update WhatsApp Messenger’ and this successfully deceived millions of users into downloading it before being removed from the Play Store.
The fake WhatsApp Messenger was thought to be developed by WhatsApp Inc. as the mobile app in question had all the finery of the official application. It presented itself as an update of the instant messaging property of Facebook. Except that the fake WhatsApp actually contained an advertising malware. Once connected to the Internet, it broadcasted advertising in the form of pop-up windows to pay its creators and also contained code for installing another malicious program.
The creators of the fraudulent mobile application took advantage of a flaw in the Google Play Store. They inserted an invisible space at the end of the app’s name to pose as the official publisher, WhatsApp Inc. In fact, the counterfeiting publisher’s name was “WhatsApp + Inc% C% AO”. This was enough to fool Google’s algorithms that control applications submitted for validation on the Play Store. Google eventually manually removed the malicious application from the Play Store platform.
For the users who downloaded the offending application, the functionality was not fundamentally different since the counterfeit application actually downloaded and installed a Whatsapp client on the user’s device.
Play Store distributing fake apps and Android malware
If a user has downloaded Minecraft mods from the Play Store, he may have encountered one of 87 malicious apps. It is easy to recognize this type of scam: the application does not work. As reported by ESET earlier this year, the fake apps displays the usual download button but redirects the victim to ads and scam websites instead. These fake apps managed to avoid detection by Google’s system by not showing any activities for the first six hours. The more serious danger here is that the malicious mobile apps can download additional applications to infected devices, and the payload responsible for the ads can later be replaced by more dangerous malware.
In Oct, Check Point researchers uncovered “ExpensiveWall”, a new variant of a malware detected earlier this year and seen lurking in about 50 apps in the Play Store, including the popular “Lovely Wallpaper”, for which the malware was named after. To evade detection by Google, the creators used advanced techniques to encrypt the malicious code bypassing the usual Play Store anti-malware mechanisms. Victims affected by ExpensiveWall pay a heavy price. They unknowingly sign up to premium paid services and are charged for illicit activities e.g. sending premium text messages. Sadly, these apps had cumulatively been downloaded and installed between 1 million and 4.2 million times from the Google Play Store. More alarmingly, this particular malware family including all its variants have affected between 5.9 million and 21.1 million victims.
Evidently malicious apps frequently slip in undetected to the Play Store, and attract millions of downloads before Google can find and remove them. Clearly, Android users cannot simply rely on the fact that Google removed the affected mobile apps from their platform as the downloaded app remains on the Android phone and continue to cause harm. Users should as a matter of urgency, manually remove apps that have been tagged ‘malicious’.
This brings into question the common recommendation to download mobile apps and games only from trusted Android app stores.
Vigilance becomes the major security feature for Android Users
With the explosion of mobile devices, malicious apps seeking to trick and defraud Android users will continue to proliferate the ecosystem, representing a very lucrative market for cyber criminals.
More fear than harm, the recent issues with fake apps and mobile malware reveal a problem endemic to the Google Play Store, which has so far failed to properly regulate mobile applications in its marketplace. The fake WhatsApp is not the first time that the Google Play Store is faced with counterfeits of popular applications. A fake Facebook Messenger app previously managed to accumulate nearly ten million downloads before being spotted.
Hence it appears that while the Play Store remains the most trusted source, it can no longer be absolutely trusted. Securing the mobile app space requires a combination of security measures and responsible parties – Google, mobile security vendors and Android users. Google must continue to enhance their malware detection capabilities, perhaps with a greater emphasis on human intervention beyond reliance on AI and algorithms which can be fooled by determined cybercriminals. Mobile security vendors should collaborate and continue to support the ecosystem through their research and advanced anti-malware products. And perhaps most importantly, Android users should be more discerning and skeptical of the mobile apps they are putting on their devices.
