Malware Hide’n’Seek

Blink once and your phone is infected.

Even though there are many of us who could spot a fake instantly, we have to remember that there are people who are not as tech savvy as us. Furthermore, there are people that might have just started using smartphones, my grandma, for example.

There was a time when one could identify really fast fake apps, but recently there have been more and more copies showing up on Google Play Store. One notable example was almost a perfect copy of WhatsApp.

On the 3rd of November 2017, in a reddit post a user informed everyone that there were two WhatsApps that apparently came from the same developer.

Two reddit users ( megared17  and dextergenius) took a closer look at the app.

The first one noticed that :

“There are extra bytes which are a Unicode space at the end of the fake one. VERY difficult to see if you don’t look closely.”  

And he provided the following screenshots for comparison:

Original WhatsApp
Fake WhatsApp

The second one went the extra mile, and even installed it:

“I’ve also installed the app and decompiled it. The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk'”

y9qAxbV
Details about the  fake app.

Furthermore, the app also does its best to hide from the user. It has no name and it uses a blank icon.

Here are more screenshots of the fake app posted by dextergenius:

9xvzk8n

This app was removed from the Google Play store, but not before tricking unsuspecting users into installing it on their phones.

To quote the Avast Blog:

“The harmful effects from these imitation apps can vary from a nonstop deluge of ads to stealing money and personal info, but they all have one thing in common: they are all entirely illegal. Publishing fake apps is called “scamming” and it is punishable by law.

 When you download these fake apps, you are in many cases putting money in the cyber-criminals’ pockets. Every click can be monetized, and the more money they make, the more resources they can use to create more fake apps, and the cycle continues. Instead we simply recommend: keep away from fake apps.”

Take care of you smartphone, it knows more that anyone about you. Install security software to protect your data. Use Two-Factor Authentication for all the apps that offer you that option

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s