Cyber criminals are known to take advantage of everything that is popular among people in order to spread malware, and Google's official Play Store has always proved no less than an excellent place for hackers to get their job done.
Yesterday some users spotted a fake version of the most popular WhatsApp messaging app for Android on the official Google Play Store that has already tricked a couple of million users into downloading it.
Dubbed Update WhatsApp Messenger, the app came from a developer who pretended to be the actual WhatsApp service with the developer title "WhatsApp Inc.", the same title the actual WhatsApp messenger uses on Google Play.
You might be wondering how the sneaky app developer was able to use the same title as the legitimate Facebook-owned maker of the messaging client: thanks to a Unicode character space.
The app maker added a Unicode character space after the actual WhatsApp Inc. name, which in computer code reads WhatsApp+Inc%C2%A0.
However, this hidden character space at the end of WhatsApp Inc. would be easily invisible to an average Android user browsing the Google Play Store, allowing this dodgy version of the app to masquerade as a product of WhatsApp Inc.
In other words, the titles used by the fake app maker and the real WhatsApp service are different but appeared the same to a user.
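The sequence %C2%A0 is the UTF-8 encoding of U+00A0 NO-BREAK SPACE. The check below is an added example, not code from Google, WhatsApp or the original article: it shows how a store-side or analyst-side filter could flag a publisher name that differs from a protected name only by invisible or non-standard space characters. The PROTECTED list, the function names and the sample strings are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import unquote_plus

# Constructed allow-list of protected publisher names (assumption for this example).
PROTECTED = {"WhatsApp Inc."}


def skeleton(name):
    """Comparison form: NFKC-fold, drop invisible format/control characters,
    collapse and trim every kind of Unicode whitespace, then casefold."""
    folded = unicodedata.normalize("NFKC", name)
    visible = "".join(c for c in folded
                      if unicodedata.category(c) not in ("Cf", "Cc"))
    return " ".join(visible.split()).casefold()


def suspicious_chars(name):
    """List code points a reader cannot see or cannot tell apart from U+0020."""
    found = []
    for c in name:
        cat = unicodedata.category(c)
        if cat in ("Cf", "Cc") or (cat == "Zs" and c != " "):
            found.append(f"U+{ord(c):04X} {unicodedata.name(c, 'UNNAMED')}")
    return found


def check_publisher(raw):
    """raw may be URL-encoded, as in the string quoted in the article."""
    name = unquote_plus(raw)
    imitates = next((p for p in PROTECTED
                     if p != name and skeleton(p) == skeleton(name)), None)
    return {
        "name": name,
        "hidden": suspicious_chars(name),   # invisible / lookalike spaces
        "padded": name != name.strip(),     # leading or trailing whitespace
        "imitates": imitates,               # protected name it collides with
    }


if __name__ == "__main__":
    # Constructed samples: trailing NBSP, embedded zero-width space, genuine name.
    for sample in ("WhatsApp+Inc.%C2%A0", "Whats\u200bApp Inc.", "WhatsApp Inc."):
        print(check_publisher(sample))
```

Comparing skeletons rather than raw strings is what catches the collision: the raw names are unequal, so a plain uniqueness check on the stored string passes.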
According to Redditors, who first spotted this fake app on Friday, the app was not a chat app; instead, it served Android users with advertisements to download other apps.
"I've also installed the app and decompiled it," one Redditor said. "The app itself has minimal permissions (internet access) but it's basically an ad-loaded wrapper which has some code to download a second apk, also called 'whatsapp.apk.' The app also tries to hide by not having a title and having a blank icon."
Google has now removed the fake WhatsApp Android app from its official Play Store, but this incident once again marked the tech giant's failure to spot the scam on its app platform, even for a program that had more than 1,000,000 downloads.
It's an unfortunate fact that even after so many efforts by Google (even the recently launched Bug Bounty Program), malicious apps repeatedly somehow manage to fool its Play Store's security mechanism and infect millions of Android users.
Google Play Store is still surrounded by hundreds of other fake and malicious apps that trick users into downloading and installing them and potentially infect their smartphones to carry out malicious things without their knowledge.
So, users are advised to be more vigilant while downloading apps not only from third-party app stores but also from the official Play Store in order to protect themselves.