More than a million Android users may have been fooled by downloading a fake WhatsApp product on Google Play, thanks to a space of characters.
A devious application maker claimed to be the actual WhatsApp service with an application called Update WhatsApp Messenger. But he copied the developer title "WhatsApp Inc." - the same title as the current Facebook messenger owned by Facebook uses on Google Play.
The only difference was that the app maker added a Unicode character space after the name of WhatsApp Inc. In a computer code, the difference is more obvious: WhatsApp + Inc% C2% A0. But to average Android users on Google Play, this character space would be easy to miss.
Reddit users spotted the problem on Friday. The dummy application was not a chat application, but served users of ads to download other applications. As Motherboard noted, Avast researcher Nikolaos Chrysaidos pointed out that it has been downloaded at least 1 million times.
The developer of dummy application is unknown, but the culprit later changed the name of the application to "Dual Whatsweb Update", and removed the "WhatsApp Inc." title of developer. It has since been removed from Google Play.
"I can confirm that the app has been removed from Google Play and that the developer account has been suspended for violating the rules of our program," said a spokesman for Google on Friday.
The fake Android apps are not new and they are often used to spread malware on mobile phones. But the fake WhatsApp product incident is worrying because it does not seem like Google has noticed the problem. Google Play rules do not allow apps to impersonate another title or logo. In addition, the company has used new security measures to prevent malware from accessing the platform.
Hackers used similar tips, such as using Cyrillic letters instead of English letters, to create legitimate-looking domain names.
PCMag.com
It's useful
ReplyDeleteI understood this tnq... Bro
ReplyDelete