Once again Google’s Play Store has proved less than excellent at tackling malicious apps, after netizens found a fake version of WhatsApp that was good enough to fool over a million people into downloading it.
The rogue program was spotted by Redditors earlier today, and the software looks very much like the real deal. However, when opened, it appears to download and run the real WhatsApp Android client albeit with adverts wrapped around it, making a fast buck for whichever miscreant produced this dodgy imitation.
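As strong growth in mobile internet devices such as smartphones and tablets has given cybercrime new opportunities, security threats to mobile phones also grew rapidly last year.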
Fake on the left, legit on the right
“I’ve also installed the app and decompiled it,” reported DexterGenius.

“The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.’ The app also tries to hide itself by not having a title and having a blank icon.”
The fake app, now removed from the official Play Store, appeared to be developed by WhatsApp Inc, the legit Facebook-owned maker of the messaging client. However, thanks to some Unicode trickery, a hidden space at the end of the developer name allowed this dodgy version to masquerade as a product of WhatsApp Inc: the name carried two extra bytes, 0xC2 0xA0, at the end, forming an invisible space. In other words, it appeared to be a legit app from a real developer, but really it wasn’t.
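A defender-side check for the trailing-space trick described above, as an added example that is not from the original article or from Google: it flags a developer name that matches a known publisher only after Unicode normalisation. The allow-list, function names and sample byte strings are constructed for illustration.

```python
import unicodedata

# Constructed allow-list of legitimate publisher names (assumption for this example).
KNOWN_PUBLISHERS = {"WhatsApp Inc"}


def skeleton(name: str) -> str:
    """Comparison key: NFKC-normalise, drop invisible characters,
    collapse all whitespace, then case-fold."""
    folded = unicodedata.normalize("NFKC", name)  # U+00A0 becomes U+0020 here
    visible = "".join(
        ch for ch in folded if unicodedata.category(ch) not in ("Cf", "Cc")
    )
    return " ".join(visible.split()).casefold()


def suspicious_chars(name: str) -> list[str]:
    """Characters that render as nothing or as a space but are not plain U+0020."""
    found = []
    for ch in name:
        cat = unicodedata.category(ch)
        if cat in ("Cf", "Cc") or (cat == "Zs" and ch != " "):
            found.append(f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}")
    return found


def classify(raw: bytes) -> str:
    """Return 'exact', 'lookalike' or 'unrelated' for a UTF-8 developer name."""
    name = raw.decode("utf-8")
    if name in KNOWN_PUBLISHERS:
        return "exact"
    if skeleton(name) in {skeleton(k) for k in KNOWN_PUBLISHERS}:
        return "lookalike"  # matches only after normalisation: impersonation signal
    return "unrelated"


if __name__ == "__main__":
    # Constructed samples; the second ends with the 0xC2 0xA0 bytes from the article.
    samples = [
        b"WhatsApp Inc",
        b"WhatsApp Inc\xc2\xa0",
        b"Whats\xe2\x80\x8bApp Inc",  # zero-width space inserted mid-name
        b"Some Other Dev",
    ]
    for raw in samples:
        print(raw, classify(raw), suspicious_chars(raw.decode("utf-8")))
```

A store-side or MDM-side review queue could hold any submission classified as `lookalike` for manual inspection instead of publishing it under the near-identical name.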
Despite clearly being a counterfeit build of a highly popular application, Google’s software guardians failed to spot the scam; the program had over a million downloads.
Google told The Register it is looking into the matter, and it’s likely the writer of the fake version is going to be banned. The Chocolate Factory has been touting the benefits of machine intelligence in tracking down miscreants lurking in its store. Maybe some more human intelligence is needed, too. ®