Attackers fooled over 1 million Android users into installing a fake version of the popular messaging application WhatsApp that posed as the official one. The application has been deleted from the Google Play Store.
The app was called “Update WhatsApp Messenger” and was published by a developer posing as the actual WhatsApp service under the developer title “WhatsApp Inc.”, the same title the original WhatsApp Messenger uses on the Google Play Store.
The fake app was found by Redditors and looks very much like the real one. When opened, however, it seems to download and run the real WhatsApp Android client, albeit with ads wrapped around it.
One Redditor said:
“I’ve also installed the app and decompiled it, the app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.’ The app also tries to hide itself by not having a title and having a blank icon.”
The fake app has been removed from the official Play Store. It is unclear whether it infected users with malware or only showed ads.
Users are advised to be more careful when installing apps, not only from third-party app stores but also from the official Play Store, in order to protect themselves.