Clever criminals were able to smuggle a fake version of WhatsApp into the Play Store. One million users fell for the fraudulent app.
Advertising instead of messaging: Fake WhatsApp deceives one million Play Store users
Unknown criminals exploited the popularity of WhatsApp to get unsuspecting Play Store users to download their ad-filled fake app. One million users are said to have downloaded the fake app before the case was publicized; Google has since removed the fake WhatsApp from the Play Store. The fake app was listed in the app marketplace as "Update WhatsApp Messenger", which led many users to mistake it for an update to the messenger.
Clever, and at the same time particularly worrying, is that "WhatsApp Inc." actually appeared as the developer in the Play Store listing. For security reasons, Google allows a given developer name to be used by only one developer. To get around this, the criminals behind the fake WhatsApp added a non-visible Unicode character when entering the company name. This let them outsmart Google's automated checks and unsuspecting users at the same time.
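The following Python sketch shows how a store-side check could catch this kind of developer-name collision. It is an added example, not Google's code; the registry contents, the function names and the sample code points are assumptions made for illustration, since the article does not say which character was used.

```python
import unicodedata

# Constructed sample registry; a real store would query its developer database.
REGISTERED = ["WhatsApp Inc."]

INVISIBLE = {"Cf", "Cc", "Co", "Cn"}   # format, control, private-use, unassigned
SEPARATORS = {"Zs", "Zl", "Zp"}        # space, line and paragraph separators


def hidden_chars(name):
    """List (index, code point, Unicode name) of characters a reader cannot see."""
    hits = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        if cat in INVISIBLE or (cat in SEPARATORS and ch != " "):
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")))
    return hits


def skeleton(name):
    """Comparison key: NFKC, invisible characters dropped, spaces collapsed, casefolded."""
    out = []
    for ch in unicodedata.normalize("NFKC", name):
        cat = unicodedata.category(ch)
        if cat in INVISIBLE:
            continue
        out.append(" " if cat in SEPARATORS else ch)
    return " ".join("".join(out).split()).casefold()


def review_name(candidate, registered=REGISTERED):
    """Return (verdict, colliding registered name or None, hidden characters)."""
    hidden = hidden_chars(candidate)
    if candidate in registered:
        return ("duplicate", candidate, hidden)
    key = skeleton(candidate)
    for existing in registered:
        if skeleton(existing) == key:
            return ("collision", existing, hidden)
    return ("hidden-characters" if hidden else "ok", None, hidden)


if __name__ == "__main__":
    # Constructed submissions; the code points are illustrative, not from the incident.
    for name in ["WhatsApp Inc.", "WhatsApp\u00a0Inc.", "WhatsApp Inc.\u200b", "Acme Games"]:
        print(repr(name), review_name(name))
```

A byte-for-byte uniqueness check accepts the second and third names as new, while comparing skeletons flags both as collisions with the registered developer. Look-alike letters from other scripts are outside what this check covers.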
Google has now deleted the app.
Unfortunately, the incident clearly shows that Google still does not do enough to keep malware and fraudulent apps out of the Play Store. As recently as September 2017, Google banned from the Play Store 500 apps that had reached 100 million downloads, because they forwarded private user data to third parties. Among them were game apps for children.