It happened just last week when an official looking version of the Facebook-owned messaging platform, WhatsApp appeared in the Google Play Store and around 1 million users downloaded the app by with no prior information. After their blessed update about “Unsend” feature, it came as a shock to many.
About the Fake App
The “Update WhatsApp Messenger” download page seemed to be coming from the original creators since it displayed the real title WhatsApp Inc.
How did this happen?
The criminal used some Unicode trickery to make it appear real. The imposter added an invisible character in the actual name “WhatsApp+Inc%C2%A0.” This real looking WhatsApp has too many ads sticking to it.
Discovery by a Redditor
Named as DexterGenius, who was the first one to find the fault, decompiled and downloaded the code to check for the fault in it. He commented “The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.’ He also added, “The app also tries to hide itself by not having a title and having a blank icon.”
Safety measures for other platforms
After removal of the fake app, Google is continuously striving to remove the “zombie apps” from their Play Store by implementing AI algorithms to detect any threat with its Play Protect system. But, the concern with the malware and adware still remains to be resolved as they have been on a rise lately. Even, Google was planning to bring a “panic button” to help users when they might have downloaded something wrong.