We’re surrounded by hoaxes, fake news, spam, malware and…fake apps.
SEE ALSO: WhatsApp’s new feature lets you track your friends in real-time
A fake Android app which was disguised as an update to the popular WhatsApp messaging service was downloaded more than a million times from the Google Play Store.
Named “Update WhatsApp Messenger” and developed by “WhatsApp Inc.”, the app looked pretty much identical to the official one. It was changed to a different name and then deleted altogether, according to the Reddit user who first flagged the case.
Fake WhatsApp Update on #GooglePlay . Under the “same” dev name. Incl. a Unicode whitespace. One Million downloadshttps://t.co/qjqxd6n6HP pic.twitter.com/dmvTksqpuP
— Nikolaos Chrysaidos (@virqdroid) November 3, 2017
The fake app was loaded with ads and had some code to download a second piece of software to the users’ devices, according to other Reddit users:
But how did the developers of the malicious app managed to sneak through Google Play unnoticed?
Well, it looks that they used the exact name “WhatsApp Inc.” replacing the space with a special unicode character, a “Space”, that looks like a space.
Here’s the legit one:
And here’s the fake:
Very difficult to detect.