It is now official that over one million people were tricked into downloading a fake Android app which was disguising itself as the actual WhatsApp.
Despite Google’s tireless efforts to efficiently match iOS’ compatibilities with respect to security improvements, there are still numerous fake apps on the Play Store platform.
In the past, the malicious apps have had significant downloads (some over a million) and surprisingly by legitimate users.
The app, which is known as “Update WhatsApp” is a counterfeit Android app found on Play Store, found to be mimicking the standard and widely known messaging platform.
This is certainly not the first incidence of someone attempting to deceive Android users using counterfeit, malicious apps, even for Google Play Store which has over the years had to deal with these types of apps.
But in this case, the number of total downloads that this particular app received is astounding.
With more than a million downloads, this fake app has set itself apart as among the most successful fake applications to ever circle the Google Play Store.
Now and in the past, sentiments echoed by Android users express concerns that most of these apps are not receiving adequate scrutiny as they should be.
Users question why apps with huge numbers of downloads should not ultimately be subjected to more vetting.
Google has attempted to address concerns such as these, launching programs such as Play Protect and even a bug bounty program with HackerOne.
But still, the problem continues to cripple the tech giant’s Android application marketplace.
The supposed fake WhatsApp platform appears to have been established for the purpose of generating revenue by means of ads.
Nikolaos Chrysaidos, a security officer at global anti-virus firm Avast, indicated on Twitter that he has come across multiple similar apps of this nature.
They even include a counterfeit Facebook Messenger app which he stated had received an approximate 10 million downloads.
In this case, however, the individuals that downloaded the fake WhatsApp application appeared to have been more than lucky since it was concluded that the main purpose of the malicious app was to merely generate advertising revenue.
Nonetheless, this is not to say that hackers cannot still employ similar techniques—spoofing authentic apps and cleverly sneaking them onto a widely used app marketplace such as Google Play Store.
To the surprise of many, Update WhatsApp continues to exist within the Play Store although under a different appeal.
It has since been restructured with its developer, changing both its icon and name. It has adopted “Dual WhatsWeb Update” as its new name, now with an icon that no longer resembles that of the genuine popular messaging platform.
As aforementioned, prior to its facelift, this Android app mimicked the legitimate messaging platform in what was an outright goal to trick users into subsequently downloading it, purporting the app to be an update to the commonly used messaging app.
This was noted by a collection of users who had reviewed it on Play Store and some on Reddit, who initially flagged the deceiving and malicious app.
Update WhatsApp, as it was known, riddled the phones of its victims with numerous advertisements.
But while it seems that the app did not result in any major damage, the amazing question is how this Android app was able to slide its way through the vetting process as set by Google for all Play Store apps, and how it went on to stay afloat that long and even receive over a million downloads in the process.
Generally, Play Store is by a margin the most widely recommended place from where users can install Android apps. But unfortunately for Google, the road has not been all smooth.
Over the years, the company has endured difficult times in their attempts to guarantee that the Play Store marketplace is malware-free. But this occurrence only confirms the severity of the predicament.
What’s more, developers have recently adopted a new trend that involves slightly tweaking their approach to reach more unsuspecting Android users who are shopping the Google Play Store.
They’re now hiding cryptocurrency miners in typical apps which use a user’s device CPU without requesting for permission.
As such, Android users are continually advised to verify and ascertain apps carefully prior to installing them, inclusive of going through user reviews.
The irony, however, is that in this instance, the fake Update WhatsApp app already had a four-star rating besides having more than 6,000 reviews.