Fake WhatsApp pulled from Google Play after 1m downloads

library
crime | hacking | security

What’s in a name?

A space, as it turns out. Not just any space mind you, a special kind of space known as a non-breaking space. Under normal circumstances the humble non-breaking space character glues two words together so that they can’t be split up at the end of a line. Not so on Google Play.

On Google Play, the marketplace for Android apps, the non-breaking space takes on chameleon-like powers, allowing scammers, chancers and other such ne’er-do-wells to create fake apps and pretend they were made by the authors of the apps they’re mimicking.

At least that’s what happened about four days ago to an app that you and a few billion others might have heard of: WhatsApp.

On Friday 3 November an app called Update WhatsApp Messenger was spotted on Google Play. The app was decked out in all the greenery and speech-bubble-logoed finery you’d expect of a legitimate WhatsApp and, most crucially, it appeared under the developer name WhatsApp Inc. .

Fake WhatsApp Update on #GooglePlay . Under the “same” dev name. Incl. a Unicode whitespace. One Million downloads… twitter.com/i/web/status/9…

—
Nikolaos Chrysaidos (@virqdroid) November 03, 2017

Got that? Let me illustrate the point with some quotation marks.

The developer wasn’t the “WhatsApp Inc.” you might be thinking of, the company behind WhatsApp, but “WhatsApp Inc. ” (with an extra trailing space), transient purveyors of knock-off fakery.

The difference is a little more obvious (at least it was to a bunch of diligent Redditors) if you look at those same developer IDs as they appeared in Google Play URLs. URL encoded links for products made by the real WhatsApp Inc. developer contained the name WhatsApp+Inc. whereas links for the sham app contained the name WhatsApp+Inc.%C2%A0.

Yes, that’s correct, the elite hacking technique that allows a guy in his basement to pull the wool over Google’s all-seeing eyes is a space character.

The Redditors who noticed the problem eventually chased the adware disguised as the world’s favourite messaging app off of Google Play, but not before a huge number of people had downloaded it, as Reddit user Sunny_Cakes noted:

It already has 1 million installs lul. For shame google, for shame

This isn’t the first time that Google has been forced to pull apps from Google Play – in August it removed 500 apps that had been downloaded a total of 100 million times between them.

Searching for popular apps on Google Play often shows the app you’re looking for surrounded by a host of imposters. With tricks as simple as copying a logo and adding a space to a developer’s name available to the fakers it’s no wonder.

If you discover a fake app on Google Play, report it to Google. For more insight into the problems of Android malware, download the Sophos 2018 Malware Forecast.

Follow @NakedSecurity
Follow @MarkStockley

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/4SIS7sIl_xA/

Comments are closed.