Fake WhatsApp for Android downloaded more than a million times

A counterfeit version of WhatsApp for Android was downloaded more than a million times before it was removed from the Play Store. Probably indistinguishable from the real thing to less tech-savvy users, the app was used to generate advertising revenue.

Although the counterfeit application has since been removed from the Play Store, Motherboard has managed to collect the necessary screenshots. A cached version of the webpage is also still available. The difference between the real WhatsApp and this version is the name, which has been changed to ‘Update WhatsApp’. Furthermore, the screenshots and the icon were the same. The text did consist of a jumble of keywords, probably to lead as many searchers as possible to the app. Even the developer’s name was ‘WhatsApp Inc.’ with a unicode space to make it different from the original developer.

The app has since been removed, presumably by Google, after user reports and Motherboard’s attention. The developer does have another WhatsApp-like application on the Play Store, but this one is less convincing.

However, the situation surrounding this fake version of WhatsApp is not unique. For example, a source of the news site carries a example of an imitation of Facebook Messenger that has been downloaded at least ten million times and also had fake reviews to lure users.

While Google is more aggressive these days against malware in the Play Store, it seems like it’s still fairly easy to mimic an existing, popular Android app for the purpose of generating ad revenue, which won’t be picked up by a malware scan .