This WhatsApp clone has tricked millions of users into downloading spam
WhatsApp is one of the most popular instant messaging apps available and, since its inception in 2009, it has managed to achieve over one billion downloads. For many people, it's the app of choice when it comes to sending text messages, images, gifs, videos and audio files. WhatsApp Inc was acquired by Facebook in 2014 when the business was valued at over one billion dollars. I certainly know a fair few people who can't live without it, and certainly prefer using it to texting by phone network. When it comes to the app economy, brand loyalty is a big deal, and people place a hell of a lot of trust in apps that they've heard about or that their peers have recommended. I certainly wouldn't trust any old app on the app store, without looking at ratings and reviews of it first. You never know what kind of malware you might end up accidentally downloading.
Which is what makes the latest news from the world of software even more troubling. Apparently malicious viruses are being perpetuated and spread by unwitting customers downloading a fake WhatsApp from Google Play, which perfectly mimics the real McCoy. In fact, over a million people have now been fooled by the WhatsApp facsimile, and have paid the price as a result of downloading this extremely convincing fake.
A Reddit user with the handle E_x_Lnc, was among the first people to notice that the cloned app would send ads and other spam to the phones of Android users, and took to the Android subreddit to warn off other people. Investigating further, other commenters on the same thread noticed that the developer of the clone app was listed as "WhatsApp Inc" with a blank unicode character between the two words, instead of "WhatsApp Inc." with a space between them. This was enough to fool Google's store into thinking that it was a legitimate and separate app, and thus it was able to slip through the cracks and get downloaded over and over again. I'd love to get on my high horse and admonish those people for having the wool pulled over their eyes, but be honest: how hard do you really look at the apps you download? Think that you'd be able to pick up on these details? I don't think I would.
Investigating further, I personally searched for "WhatsApp" on Google Play, and soon discovered a further seven apps, all of which were using slight the same moniker, with several subtle variations on the developer name, some of which included versions with new spaces, asterisks, or commas. Each of these fake apps boasted an average review of around four-star. Presumably a number of spam accounts on Google Play had been churning out enough positive reviews of the clone app to subvert Google Play’s review system and make it seem legitimate.
This isn't the first time that Google Play has failed to protect users from malware. Back in August in 2017, researchers at the security firm Lookout managed to identify a malicious smartphone app known as "SonicSpy." SonicSpy masqueraded as a legitimate app and hijacked a variety of basic phone functions once downloaded. These included making outbound calls, sending text messages, and harvesting call logs, contacts, and wi-fi data, whilst the smartphone seemingly operated as normal. The offending developer was tracked to a firm in Iraq which had created over 1000 malicious messaging apps by weaving spy functions with the public source code for a bona fide messaging app called Telegram. Lookout researcher Michael Flossman later stated that as many as 47 out of 1,000 Android devices have "encountered an app-based threat" at some point during the device's lifespan.
In July of 2016, ESET Security discovered a malicious Pokémon GO clone app called "Pokemon Go Ultimate" which had also made its way onto the Google Play store. This lock screen app was capable of installing a "PI Network" when downloaded, which would then hide from the Android-user and continue to generate fake ad clicks surreptitiously. In addition to this, WhatsApp users in the United Kingdom have been hit by a scam which claims to offer discount vouchers for various high street stores. Many of the messages advertising these discounts come from trusted contacts within the user's own network.
Commenting on the issue, a Google spokesperson told ABC news: "We have been closely tracking this malware family for months, and continue to take actions, such as removing apps from Play, when we detect its variants. We are constantly updating Google Play Protect -- our safeguard for all Android devices with Google Play -- to detect malware like ExpensiveWall and secure our users."
So if you're planning on downloading WhatsApp, or any other software which needs to access your phones privacy and security settings, then ensure that you're dealing with the real thing first, and take steps to ensure that your smartphone is secure. You might regret it if you don't.