A bogus WhatsApp messenger was recently downloaded by over a million Android users worldwide before Google Play detected the application and removed it from the Play Store.
The fake WhatsApp messenger, originally called Update WhatsApp Messenger but later renamed Dual WhatsApp Update, tricked more than one million users into downloading it by imitating the bona fide application both graphically and code-wise.
The fake version of the most popular messaging app was initially discovered by the Reddit community, who claim the app was not a chat app at all; instead, it served Android users advertisements prompting them to download other apps.
“There are extra bytes which are a Unicode space at the end of the fake one,” writes a Reddit user. “VERY difficult to see if you don’t look closely.”
“I’ve also installed the app and decompiled it,” another Redditor adds. “The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.’ The app also tries to hide by not having a title and having a blank icon.”
The developer was able to mimic the original WhatsApp Inc name by appending a special character that renders as white space after the words WhatsApp Inc; in URL-encoded form the name reads WhatsApp+Inc%C2%A0, where %C2%A0 is the UTF-8 encoding of the Unicode non-breaking space. Google Play did not catch this, so the Play Store treated it as a completely different developer name. In other words, the titles used by the fake app developer and the real WhatsApp service were different strings that appeared identical to users.
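As an added example (not from the article, Google, or WhatsApp), here is the kind of check an app-vetting pipeline or store reviewer could apply to developer names: decode the URL-encoded name quoted above, fold it to a canonical form, and flag a name that matches a trusted publisher only after normalization as a lookalike rather than an exact match. The trusted-publisher list and the helper names are assumptions for illustration.

```python
import unicodedata
from urllib.parse import unquote_plus


def normalize_publisher(name: str) -> str:
    """Canonical form of a publisher name as a user perceives it on screen.

    NFKC folds compatibility characters (NBSP and other Unicode spaces become
    a plain space, full-width letters become ASCII); format characters (Cf,
    e.g. zero-width space or BOM) are dropped because they render as nothing;
    all remaining whitespace is removed because spacing differences are not
    visible in a store listing; case is folded last.
    """
    folded = unicodedata.normalize("NFKC", name)
    visible = "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")
    return "".join(visible.split()).casefold()


def classify_publisher(name: str, trusted: set[str]) -> str:
    """Return 'exact', 'lookalike' or 'unknown' relative to a trusted list.

    'lookalike' is the interesting verdict: the raw string differs from every
    trusted name, but after normalization it collides with one of them.
    """
    if name in trusted:
        return "exact"
    if normalize_publisher(name) in {normalize_publisher(t) for t in trusted}:
        return "lookalike"
    return "unknown"


def suspicious_codepoints(name: str) -> list[str]:
    """Non-ASCII code points in a name, formatted for a reviewer's report."""
    return [f"U+{ord(ch):04X} {unicodedata.name(ch, '?')}" for ch in name
            if ord(ch) > 0x7F]


if __name__ == "__main__":
    trusted = {"WhatsApp Inc"}  # assumed allow-list of known publishers
    # The encoded developer name quoted in the article, decoded to a string
    fake_name = unquote_plus("WhatsApp+Inc%C2%A0")
    print(repr(fake_name), classify_publisher(fake_name, trusted))
    print(suspicious_codepoints(fake_name))
    print(classify_publisher("WhatsApp Inc", trusted))
```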