If you downloaded a version of the messaging app WhatsApp for Android from the Google Play Store last week, you may not have gotten the real thing.

Diabolically clever cybercriminals posted a very real-looking WhatsApp app to the Google Play Store, and more than a million people were tricked into downloading it. The fake app does connect to WhatsApp and deliver your messages--but it also buries you in ads.

Security experts are fond of warning users to be careful what we download to our mobile devices, but it's truly hard to see how even a sophisticated Android user could have spotted this app as a fake. Not only did it have the real WhatsApp look, it listed the developer as WhatsApp Inc.--the real name of the company that created WhatsApp and that Facebook now owns.

I don't know about you, but here's what I do before I install an app on my smartphone. First, I only download apps from an official online app store ... such as the Google Play Store. But this app was there. Second, I check to see who the developer is. And--yup--WhatsApp Inc. Third, I look to see if a lot of people have downloaded it. I would have found those one million downloads very reassuring. So if I'd been looking to get WhatsApp last week, I easily might have downloaded the fake "Update WhatsApp Messenger" app. Only, fortunately, I already have WhatsApp on my phone and didn't download the new version.

How the heck did fakers manage to make their app appear that it came from WhatsApp Inc.? That's the really clever part of this. The true name of the developer is actually "WhatsApp+Inc%C2%A0," but the extra characters are invisible in most browsers, making the name look like the trusted one.

The fake app is now gone from the Play Store, but this is far from the first time that malware has been found mucking up the Google Play Store, which has fewer protections than Apple's App Store. So, although Google has reportedly begun using A.I. to try to stamp out malware in the Android apps it offers, it obviously hasn't licked the problem yet. If you're an Android user, your only hope is to both double-check the developer and read a bunch of reviews before installing anything. A good anti-malware app on your Android device is also a good idea.

Meantime, if you got WhatsApp from the Play Store last week, you might want to uninstall it and download it again.

Published on: Nov 6, 2017
Like this column? Sign up to subscribe to email alerts and you'll never miss a post.