Tech

Over 1 million users fooled into downloading fake ad-infected WhatsApp messenger

Over 1 million users fooled into downloading fake ad-infected WhatsApp messenger

Last week, an official-looking version of the popular WhatsApp messaging application for Android appeared on the Google Play Store, and more than one million users were tricked into downloading the fake app.

The “Update WhatsApp Messenger” download page even appeared to come from the actual creators, as it included the real developer’s title “WhatsApp Inc.”

It turned out the cybercriminal used some Unicode trickery to make it appear authentic.

Read also: Chipmaker, Broadcom seeks to acquire Qualcomm

Although it looks very much like the real thing, installing the rogue software will run the real Android WhatsApp client, but with advertising plastered around it.

A Redditor named DexterGenius first spotted the discrepancy and decompiled the download code to find out what it really did.

“The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.,’ DexterGenius wrote. “The app also tries to hide itself by not having a title and having a blank icon.”

The scam app has now been removed from the official Google Play Store, but it’s curious how it ended up there in the first place, as it would lead users to think they’re downloading a legitimate app directly from a Facebook-owned property.

RipplesNigeria… without borders, without fears

Click here to join the Ripples Nigeria WhatsApp group for latest updates

Join the conversation

Opinions

About the author

Ripples Nigeria

We are an online newspaper, very passionate about Nigerian politics, business and their leaders. We dig deeper, without borders and without fears.
www.ripplesnigeria.com

/* ]]> */