More than one million people have downloaded fake WhatsApp applications. It's possibly the highest number of downloads so far. Of course, it's not the first time this has happened: counterfeit apps with adware have been surfacing more and more often recently.
Fake WhatsApp: how does it work?
Lately, it has not been easy to pass the security checks of Google Play Store. Malicious app developers have had to scale back the actions and capabilities of their fake apps. However, counterfeit apps still make their way in among legitimate apps and gather a significant number of downloads.
It's less than half a year since the last fake WhatsApp application was discovered in Google App Store. That time the first letter of the app's name was changed in a Unicode homoglyph attack. In such an attack, specific symbols are swapped for identical-looking ones.
The twist: they have different codes. It's not only I, l and 1 that look alike. The same letter in different scripts is a different character as well. The Cyrillic letter A and the Latin letter A look the same visually, though they are encoded with different codes.
That's why "WHATSAPP" written with Cyrillic letters "A" and "WHATSAPP" written with Latin letters "A" are different words. They might be different domains, and the user can easily be confused unless they analyze the source code to see where a link points or inspect the title of the app.
In this recent fake application, the differences were even more subtle between the legit developer’s name and the fake one:
There are two extra bytes at the end of the phony URL that are barely visible to an end user. The app itself is an advertisement-loaded wrapper that downloads additional code and tries to hide on the user's device by having no icon, description or name.
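As an added illustration (not code from the original article), the Python sketch below shows how the two tricks described above, a Cyrillic letter standing in for a Latin one and extra bytes appended to a name, can be exposed by inspecting code points instead of the rendered text. All sample names, including the developer name and the trailing no-break space, are constructed assumptions.

```python
import unicodedata

# Constructed samples (not taken from the real store listing).
TRUSTED_APP = "WHATSAPP"                 # all Latin letters
FAKE_APP = "WH\u0410TS\u0410PP"          # both "A"s are Cyrillic U+0410
TRUSTED_DEV = "Example Dev Inc."         # hypothetical developer name
FAKE_DEV = "Example Dev Inc.\u00a0"      # trailing no-break space (2 bytes in UTF-8)


def script_of(ch):
    """Rough script label: first word of the Unicode name (LATIN, CYRILLIC, ...)."""
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def audit_name(candidate, trusted):
    """Return the reasons a displayed name differs from the trusted one."""
    findings = []
    if candidate == trusted:
        return findings
    # Letters from more than one script in a single name suggest a homoglyph swap.
    scripts = sorted({script_of(c) for c in candidate if c.isalpha()})
    if len(scripts) > 1:
        findings.append("mixed scripts: " + ", ".join(scripts))
    # Format/control characters and non-ASCII spaces render as nothing or as a blank.
    for i, c in enumerate(candidate):
        cat = unicodedata.category(c)
        if cat in ("Cf", "Cc", "Zl", "Zp") or (cat == "Zs" and c != " "):
            findings.append(f"invisible or space-like U+{ord(c):04X} at index {i}")
    # The encoded length exposes what the rendered text hides.
    extra = len(candidate.encode("utf-8")) - len(trusted.encode("utf-8"))
    if extra:
        findings.append(f"UTF-8 length differs by {extra} bytes")
    return findings


if __name__ == "__main__":
    for shown, real in ((FAKE_APP, TRUSTED_APP), (FAKE_DEV, TRUSTED_DEV)):
        print(ascii(shown), "vs", ascii(real))
        for finding in audit_name(shown, real):
            print("  -", finding)
```

The script label here is a heuristic based on Unicode character names; it is enough to separate Latin from Cyrillic but is not a full confusables check.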
Are we safe?
The fake app has already been banned from the Play Store. However, in such cases, users usually rely on the app distributor. For Android users, that is most likely the Google Play Store. Of course, there is no foolproof protection, and Play Protect is no exception.
Incidents of fake apps residing in the Google Play Store are getting more and more frequent. Such apps cannot carry out highly advanced malicious actions. Still, there are ways to bypass the implemented security mechanisms and get, in this case, more than one million users to download a fake app.
At the moment it is difficult to give users straightforward recommendations on how to protect themselves. One of the most obvious is to carefully check what you are installing on your device and why.
What permissions does the app require? Does it behave as expected, or differently? Check for out-of-place apps on your smart device. As this case shows, the user's caution is one of the primary defense mechanisms.
Sometime in the future, the defense mechanisms of the Play Store and other app sources will be intact; however, the attack mechanisms of malicious players in the market might have developed even further.