Google Has A Big Fake WhatsApp Problem -- Here's Why


Credit: forbes.com

  • Dec 05 2017 19:30

Google just can't keep scammers out of the Play store.

More than one million people downloaded a fake WhatsApp application last week, but that was just the tip of a dirty iceberg, according to security researchers who've been warning about the problem for years. And in the last year alone, Google has seen apps that look very much like the real thing - from WhatsApp to Facebook, Instagram and many more - but are in fact frauds looking to make a quick buck for the developer.

While the fake WhatsApp (now removed by Google and the developer banned) is believed to have reached the most downloads for such a copycat this year, security experts say crooked developers have found their way onto the market all too often.

Fooling Google with 'clever characters'

And they're particularly fond of making copies of WhatsApp. Going back to 2013, security firm Eleven Paths was warning about a fake WhatsApp that contained adware (software that draws views and clicks for ads, thereby making money for the developers pushing the advertisements).

Eleven Paths security researcher Sergio de los Santos said that whilst Google has patented tech to improve detection of rogue apps, the fraudsters have found new ways to get their software on the official market, and thereby guarantee better download rates.

The hottest trick right now is startlingly simple: the use of blank spaces and Unicode characters to make the developer name and titles look like the legitimate ones. "This is Google's problem and it is hard to believe they allowed this," he said.

Others have noticed Google is being duped with such creative use of characters. Last month, a fake Instagram was spotted by ESET security researcher Lukas Stefanko on Google Play with the same app and developer name (along with the same icon) as the real application. But there was one crucial difference: the developer's name started with a lowercase letter. "Based on what happened we can assume that Google probably doesn't have any app name, developer name or icon checks for newly uploaded apps," Stefanko added.
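As an added illustration, not part of the original article and not Google's actual review logic, here is a developer-name check of the kind the researchers describe as absent. It reduces a submitted name to a key that ignores spaces, invisible Unicode characters and letter case, then compares the submitting account against the verified owner; the registry entries, account ids and function names are constructed for the example.

```python
import unicodedata

# Constructed registry: protected developer display name -> verified account id.
# Names and ids are illustrative assumptions, not Play store data.
VERIFIED = {"WhatsApp Inc.": "acct-1001", "Instagram": "acct-1002"}


def skeleton(name: str) -> str:
    """Reduce a display name to a key that ignores the tricks described above."""
    # NFKC folds compatibility forms: no-break space -> space, fullwidth -> ASCII.
    folded = unicodedata.normalize("NFKC", name)
    kept = []
    for ch in folded:
        cat = unicodedata.category(ch)
        # Drop separators (Z*), invisible format characters such as the
        # zero-width space (Cf) and control characters (Cc).
        if cat.startswith("Z") or cat in ("Cf", "Cc"):
            continue
        kept.append(ch)
    # casefold() removes the upper/lower-case difference.
    return "".join(kept).casefold()


def scripts(name: str) -> set:
    """Heuristic: take the script from each letter's Unicode name (LATIN, CYRILLIC...)."""
    folded = unicodedata.normalize("NFKC", name)
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in folded if ch.isalpha()}


# Skeleton of each protected name -> account id allowed to publish under it.
PROTECTED_KEYS = {skeleton(n): acct for n, acct in VERIFIED.items()}


def review(display_name: str, account_id: str) -> str:
    """Return 'ok', 'impersonation' or 'mixed-script' for a submitted developer name."""
    owner = PROTECTED_KEYS.get(skeleton(display_name))
    if owner is not None:
        # Same visible name (even an exact copy) from a different account.
        return "ok" if account_id == owner else "impersonation"
    # Look-alike letters from another script survive NFKC, so a name that
    # mixes scripts is routed to manual review instead of being matched.
    if len(scripts(display_name)) > 1:
        return "mixed-script"
    return "ok"
```

Keying the decision on the account id rather than the name alone also covers the case reported below, where a new developer account reuses the same name after a takedown.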

Google doesn't seem to have acted on the issue, despite last week's trouble; shortly after the 1 million-download counterfeit was taken down, more appeared from a developer with the same name, said Stefanko.

Alongside adding fake reviews to their apps, the developers have also limited their creations' malicious functionality, so that Google's automated code scanning tools will believe them to be legitimate. Back in 2013, and up to 2015, the fakes were more aggressive, pilfering personal data and in some cases demanding a ransom, said de los Santos. But looking at fake apps today, they no longer ask for excessive permissions, instead pushing ads and in some cases asking for a simple donation via PayPal. It's a subtler way of making money by duping folk searching the Play market.

According to de los Santos, the developers behind the range of rogue WhatsApp tools have, so far, achieved about two million downloads in total. "Anything related with WhatsApp moves huge numbers in Google Play."

Who's behind the scams? There are some references in the slew of fake WhatsApps to Jombang, a regency of East Java, Indonesia, de los Santos noted. He also found that they were created somewhere in the GMT+7 timezone, again indicating a possible link to Indonesia. "But attribution is tricky, we should not trust it," he cautioned.

A more severe threat coming?

Stefanko is more concerned about those who're going to exploit the current gaps in Google security to upload more dangerous apps to the store. As an example, just over a year ago, he found a fake Facebook Security Checkup application. It attempted to steal users' Facebook login information, though it was swiftly removed from the Play market.

"What I am more concerned about is [developers] uploading fake banking or financial apps with really similar icons, app and developer names, either using whitespaces or Unicode characters in the name," he added.

Google, for its part, said it was continuing to roll out smarter technology to find bad apps earlier. But as it continues to make improvements to its review system, Google still relies on the community of users and developers to flag apps for further checks, a spokesperson added.

A tried and tested approach, no doubt. But some members of that community are continuing to question whether Google really is doing enough.


