Cybercriminals are known to take advantage of everything that’s popular among people in order to spread malware, and Google’s official Play Store has always proved no less than an excellent place for hackers to get their job done.
Yesterday some users spotted a fake version of the most popular WhatsApp messaging app for Android on the official Google Play Store that has already tricked more than one million users into downloading it.
Dubbed Update WhatsApp Messenger, came from an app developer who pretended to be the actual WhatsApp service with the developer title “WhatsApp Inc.”—the same title the actual WhatsApp messenger uses on Google Play.
You might be wondering how the sneaky app developer was able to use the same title as the legitimate Facebook-owned maker of the messaging client—thanks to a Unicode character space.
The app maker added a Unicode character space after the actual WhatsApp Inc. name, which in computer code reads WhatsApp+Inc%C2%A0.
However, this hidden character space at the end of the WhatsApp Inc. would be easily invisible to an average Android user browsing Google Play Store, allowing this dodgy version of the app to masquerade as a product of WhatsApp Inc.