More than 1 Million People Downloaded a Fake WhatsApp Android App

A fake version of WhatsApp fooled over a million people into downloading it, proving once again that Google’s Play Store is less than excellent at tackling malicious apps. Those who were fooled by the fake app are considered lucky, as the app’s goal was merely to create advertising revenue.



The fake app, now removed from the official Play Store, appeared to be developed by WhatsApp Inc, the legit Facebook-owned maker of the messaging client. However, thanks to some Unicode trickery, this dodgy version could masquerade as a product of WhatsApp Inc: its developer name had two extra bytes, 0xC2 0xA0, at the end, forming an invisible space. In other words, it appeared to be a legit app from a real developer, but really it wasn’t.
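As an added example (not from the original article, WhatsApp or Google), here is a Python check that a store reviewer or monitoring script could run on publisher names: it reports invisible characters with their UTF-8 bytes and flags names that collapse to a trusted name after normalization. The trusted list, function names and sample strings are assumptions constructed for illustration; 0xC2 0xA0 is the UTF-8 encoding of U+00A0, the no-break space.

```python
import unicodedata

# Publisher names to protect (assumption: a reviewer-maintained allow-list).
TRUSTED = {"WhatsApp Inc"}

# Unicode categories that render as blank or as nothing at all.
BLANK_CATEGORIES = ("Zs", "Zl", "Zp", "Cf", "Cc")


def invisible_chars(name):
    """List (index, code point, Unicode name, UTF-8 bytes) for every
    character other than the plain ASCII space that a user cannot see."""
    hits = []
    for i, ch in enumerate(name):
        if ch != " " and unicodedata.category(ch) in BLANK_CATEGORIES:
            hits.append((i, f"U+{ord(ch):04X}",
                         unicodedata.name(ch, "UNNAMED"),
                         ch.encode("utf-8").hex(" ")))
    return hits


def skeleton(name):
    """Comparison form: NFKC (maps U+00A0 to a plain space), drop format
    and control characters, collapse and trim whitespace, casefold."""
    s = unicodedata.normalize("NFKC", name)
    s = "".join(c for c in s if unicodedata.category(c) not in ("Cf", "Cc"))
    return " ".join(s.split()).casefold()


def classify(name, trusted=TRUSTED):
    """'trusted' on an exact match, 'lookalike' when only the skeleton
    matches a trusted name, otherwise 'unrelated'."""
    if name in trusted:
        return "trusted"
    if skeleton(name) in {skeleton(t) for t in trusted}:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed samples: the second ends with the bytes 0xC2 0xA0.
    for sample in ("WhatsApp Inc", "WhatsApp Inc\u00a0", "Example Games Ltd"):
        print(repr(sample), classify(sample), invisible_chars(sample))
```

An exact string comparison treats the spoofed name as a different publisher, which is why the check compares skeletons instead of raw names.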


Source: [H]ardOCP – More than 1 Million People Downloaded a Fake WhatsApp Android App