A fake version of WhatsApp has been found on Google Play and has been downloaded by unsuspecting users over a million times.
The fake app was nearly impossible to distinguish from the real WhatsApp, thanks to some crafty work by the scam developers: They put an invisible Unicode space at the end of their developer name, so that it passed for the legitimate WhatsApp Inc.
First discovered by a Reddit user last week, the fake app first changed its name, along with the developer's, before vanishing completely. That may be cold comfort to the one million or more Android users who downloaded it, however.
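The developer-name trick described above can be checked for mechanically when auditing an app inventory. The Python below is an added example, not code from this article or from Google: it flags publisher names that read the same as a trusted name but differ in invisible or blank characters. The allowlist, the sample names and the code points used (U+00A0, U+200B) are constructed assumptions, since the article does not say which character was used; lookalike letters are out of scope.

```python
import unicodedata

# Assumption: publisher names the organisation trusts, exactly as the store shows them.
TRUSTED_PUBLISHERS = {"WhatsApp Inc."}

# Zs/Zl/Zp = space and line separators, Cf = format characters (zero-width
# space, joiners, direction marks), Cc = control characters.
INVISIBLE_CATEGORIES = {"Zs", "Zl", "Zp", "Cf", "Cc"}


def hidden_code_points(name):
    """List (index, 'U+XXXX', Unicode name) for blank or invisible characters,
    ignoring ordinary ASCII spaces between words."""
    hits = []
    for i, ch in enumerate(name):
        if unicodedata.category(ch) not in INVISIBLE_CATEGORIES:
            continue
        if ch == " " and 0 < i < len(name) - 1:
            continue  # a plain space inside the name is normal
        hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return hits


def skeleton(name):
    """Reduce a name to what a person reading the listing would perceive."""
    folded = unicodedata.normalize("NFKC", name)  # e.g. U+00A0 becomes U+0020
    visible = "".join(
        " " if unicodedata.category(c).startswith("Z") else c
        for c in folded
        if unicodedata.category(c) not in {"Cf", "Cc"}  # drop zero-width/control
    )
    return " ".join(visible.split()).casefold()


TRUSTED_SKELETONS = {skeleton(n) for n in TRUSTED_PUBLISHERS}


def classify(developer_name):
    """Return 'trusted', 'impersonation' or 'unknown' for a developer name."""
    if developer_name in TRUSTED_PUBLISHERS:
        return "trusted"  # byte-for-byte match with the allowlist
    if skeleton(developer_name) in TRUSTED_SKELETONS:
        return "impersonation"  # looks identical, but is a different string
    return "unknown"


# Constructed sample inventory (not real store data).
SAMPLES = ["WhatsApp Inc.", "WhatsApp Inc.\u00a0", "WhatsApp\u200b Inc.", "Example Games Ltd"]

if __name__ == "__main__":
    for dev in SAMPLES:
        print(f"{dev!r:28} {classify(dev):14} {hidden_code_points(dev)}")
```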
Another day, another copycat Android app
Those who installed the fake WhatsApp can count themselves lucky: It appears to be nothing more than carefully crafted adware. What's important to learn from this incident, and countless others like it, is that it's entirely possible to end up with a serious malware infection from fake apps.
Malware attacks against Android devices have increased by 40% in the past year, and not all of them are as innocent as this latest discovery. New Android malware is discovered approximately every 10 seconds, and it's not uncommon for it to come from the Google Play Store.
Google Play Protect, Android's built-in anti-malware app, should be catching apps that manage to slip past Google's Play Store vetting system, but it's obvious that it isn't, given this and other recent Android malware news.
It's important for users to know what to watch out for when it comes to bad apps, but malicious developers are continually improving their methods to avoid detection. It therefore falls to Google to protect users—something it has repeatedly failed at, given the proliferation of Play Store malware.
Protection is still possible
Android users, and those who manage their devices in the workplace, need to stay on top of the latest threats to avoid falling prey to clever new app scams. In some cases this requires user awareness, but in cases where it's nearly impossible to detect a scam app, there are steps that can be taken to protect devices:
- Make sure Android devices containing business information aren't rooted. In many cases malware apps rely on root permission to download additional apps without user permissions, and if root isn't granted they can be stopped in their tracks.
- Install additional anti-malware apps on all devices and make sure they're set to automatically scan new downloads.
- Disable the ability to download apps from unknown sources.
- Be aware of performance changes like battery drain and device lag—these can indicate that something unknown is running in the background.
The freedom that Android devices grant their users is great, but there's always a downside. In this case it's the easy spread of malware and dangerous apps. The WhatsApp scam may have been relatively harmless, but that isn't a reason to get complacent.
The top three takeaways for TechRepublic readers:
- A fake version of WhatsApp was downloaded more than one million times from Google Play. The fake app was so successful because the developer used a Unicode character to insert a space after their name, making them appear to be the actual WhatsApp Inc.
- Android malware continues to proliferate through fake apps on the Play Store. Google either hasn't, or can't, stop the spread of these fake apps, so it falls to users and IT professionals to add extra layers of security and awareness to prevent infections.
- Make sure that Android devices you use or manage are protected with additional anti-malware apps, that downloading from unknown sources is disabled, and that the devices aren't rooted.
Brandon Vigliarolo has nothing to disclose. He does not hold investments in the technology companies he covers.
Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.